What you can do with built-in group “BackupOperators privilege”, differences from administrators authority

What is the Built-in Group?

A Built-in Group is a special group included from Windows installation. And he has some special authority.

What is BackupOperators?

With the / B option of robocopy, it works with the BackupOperators privilege which is one of the Built-in Groups. With this permission, you can back up files and folders by ignoring the access rights, even Windows administrator can not access files unless you have access rights.

Then, if you let administrator belong to the BackupOperators group, you may think that you can copy the folders and files.

However, this can not be realized.

What is the authority given to BackupOperators?

Then what is the authority given to BackupOperators is the authority to use the API called "NTFS Backup API" standardized by Windows.

https://technet.microsoft.com/en-us/library/cc976700.aspx

There are many tools useful for backup, such as the function of using VSS (Volume Shadow-copy Service), in the API, and with robocopy, /B option realizes "function to backup ignoring access priveledge".

However, in order to use the backup API, API key is required. In other words, it requires authorization from Microsoft, so it can not be used easily.

To share

  • このエントリーをはてなブックマークに追加

To follow