Re: How does Local System Account bypass file permissions during a backup?
From: Tommy Gilchrist (tommy_at_delete.gilchristcs.the.com.needful)
Date: 11/04/04
- Next message: Lawrence Tse: "Re: video server"
- Previous message: Ian Fids: "Startup problem"
- In reply to: Pegasus \(MVP\): "Re: How does Local System Account bypass file permissions during a backup?"
- Next in thread: Marco: "Re: How does Local System Account bypass file permissions during a backup?"
- Reply: Marco: "Re: How does Local System Account bypass file permissions during a backup?"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 04 Nov 2004 08:55:30 +0000
On Thu, 4 Nov 2004 10:13:19 +1100, "Pegasus \(MVP\)" <I.can@fly.com>
wrote:
>
>"Tommy Gilchrist" <tommy@delete.gilchristcs.the.com.needful> wrote in
>message news:1imio0524tuobb6i56b6amrvvlib5ce48p@4ax.com...
>> Folks
>>
>> I wonder could you shed some light on a problem we're having.
>>
>> The nature of the problem is very odd in that I'm arguing with a
>> backup vendor who shall remain nameless over a feature that I need,
>> that any backup software should be able to do, that their software
>> seems to be capable of doing but (and this is the odd bit) they claim
>> their software CAN'T do!
>>
>> The backup agent runs under the local system account and the vendor is
>> claiming that this means that all files must have "SYSTEM" granted
>> read access in order to guarantee a successful backup. Given that
>> there are about 100 file servers hosting millions of files in the
>> enviroment and multiple people have access to change permissions this
>> obviously can't be guaranteed.
>>
>> However I can create files, give them very restricted permissions,
>> even remove all permissions and the backup program can back them up
>> successfully. I've tested this on Windows NT 4.0, 2000 and 2003.
>>
>> What may help move the discussion forward is an understanding of how
>> the local system account accesses files. I understand that members of
>> the Backup Operators group and the Administrators group get the "Back
>> up files and folders" permission which will permit this. However the
>> SYSTEM account isn't a member of either group by default.
>>
>> Is the SYSTEM account the same as the Local System Account services
>> run under. Does the Local System Account have these permissions
>> automatically or is this not relevant at all and am I barking up the
>> wrong tree?
>>
>> thanks
>>
>> tommy
>
>The SYSTEM account has implicit access permissions to all local
>files and folders (but not to networked resources). This is independent
>of any NTFS permissions that you might set.
>
Thanks for this. I suspected it was something of this nature.
Do you know if this is documented anywhere, preferably on one of
Microsoft's sites?
tommy
- Next message: Lawrence Tse: "Re: video server"
- Previous message: Ian Fids: "Startup problem"
- In reply to: Pegasus \(MVP\): "Re: How does Local System Account bypass file permissions during a backup?"
- Next in thread: Marco: "Re: How does Local System Account bypass file permissions during a backup?"
- Reply: Marco: "Re: How does Local System Account bypass file permissions during a backup?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
