I'm working on an application which uses Volume Shadow Copy Service to backup a particular file at regular intervals. This works when run as admin but when I run the service under the "Network Service" account which I believed to be the correct choice for such as application I am unable to set the SE_BACKUP_NAME privilege and therefore unable to use VSS.
It seems incorrect to run the service as admin but that seems to be the only option. Do I have any other choice?
Backup software should run as "a user with the lowest privilege level required in order for it to read & back up all of the files you want backed up".
Typically this means
root(or some other UID 0 account) on Unix systems, and a member of theBackup Operatorsgroup on recent versions of Windows.Some Windows backup software that doesn't take advantage of the
Backup Operatorsfunctionality may need to be run from either a Local Admin or Domain Admin account, but these should be extremely rare, and if you're using backup software specifically for Windows that shouldn't happen...Normally backup software installation grants the correct privileges to the user the SysAdmin selects to run the backup.
If it is not your case, you should check the software documentation.
Generally, if you don't want to use a user member of Administrators group the user should be able to connect to the network (in your case) and to bypass security to make backup. You can grant this privileges in the Security Policy editor.