Path: csiph.com!eternal-september.org!feeder.eternal-september.org!nntp.eternal-september.org!.POSTED!not-for-mail From: Erland Sommarskog Newsgroups: comp.databases.ms-sqlserver Subject: Re: Backup to a network share Date: Thu, 22 Jan 2026 23:06:45 +0100 Organization: Erland Sommarskog Lines: 29 Message-ID: References: <20260122172111.aa47435016e93d0e505cb230@g{oogle}mail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Injection-Date: Thu, 22 Jan 2026 22:06:46 +0000 (UTC) Injection-Info: dont-email.me; posting-host="c93a20d6520415d8d2e7f50842f9f1c6"; logging-data="3574535"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+DXpXEggWMwma4INTx7PWY" User-Agent: Xnews/2006.08.24 Mime-proxy/2.1.c.0 (Win32) Cancel-Lock: sha1:1RmqMO4pQKsTmfGEAvaP9C/AlUU= Xref: csiph.com comp.databases.ms-sqlserver:2276 Anton Shepelev (anton.txt@g{oogle}mail.com) writes: > While setting up backup via maintenance plans, > we have found that we cannot specify a Windows network > directory as backup target, because the MSSQL > service runs as the standard local user MSSQL$ , > which (naturally) has no access to it. > > Our administator suggests re-configuring it > to run as domain-level user > (with access to the requrired network share), > or even use a two-stage backup, > with a separate step of moving the backup files > from the local machine to the network. > > The only other way we know to make that share > accessible to MSSQL is to give it permissions > for /everyone/, which we should rather avoid. > > What are some best (or least tolearable) practices > of backing up MSSQL to a network share on Windows? Run with a gMSA, I guess. That is, rather a machine-local MSA, an MSA that exists in the AD and therefore can be granted access to the network share. One more alternative to the list above is to grant access to the machine account, that is DOMAIN\MACHINE$, but that is less secure.