Working with Systems in a Workgroup

When the Archive Manager server and/or one or more of the remote computers to be protected is a standalone server in a workgroup (not a domain), the following best practices and workarounds apply.

1. Create a backup service account on the Archive Manager server that is a member of the local administrators group.

2. Create a backup service account on each remote computer with the same user name and password, with local administrators membership.

3. Log onto the Archive Manager server with a domain admin account, if one exists, or else with a different local administrator account than the backup account. When you add a remote computer and click on the computer name in the All Computers group, a dialog box will open that asks for credentials. Connect using the backup account. If you log on with the backup account, you will not be able to complete the Create Protection Plan wizard.

4. When the credentials are entered, in the Actions pane an option to Create Protection Plan will appear. Create a protection plan. On the Scheduling page, set the schedule but ignore the account used to run the scheduled task. Click Next and Finish. You will receive an error that the account information could not be saved.

5. Log onto the remote computer with a Remote Desktop session. Open Scheduled Tasks and find the Remote Archive scheduled task. Open it and enter the local backup account name and password. Click OK.

6. With pass through authentication (matching accounts), the plan running on the remote computer attempts to write to a history folder and a logs folder on the Archive Manager computer, but does not have permission. Edit the folders permissions to give local Users group change permissions. The folders are at \Remote\Logs and \History.

7. If the Archive Manager server is in a workgroup you will need to add the following registry setting if it is not already there. Windows User Account Control (UAC) treats local administrator accounts as standard accounts when accessing the computer using a remote administrative connection. To disable this restriction add a DWORD value to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System called LocalAccountTokenFilterPolicy and set its data to 1. Refer to http://support.microsoft.com/kb/951016 for more information.