Understanding the Continuous Protection Server service account

Some CPS services are run in the context of a user account that is configured for the CPS system services. To specify an account for CPS, enter a name and password of an Administrator account for the CPS services to use.

The services will not start if the account password has expired. Also, if the services try to start too many times with an expired password, the user may get locked out of the account.

If the computer that is hosting the CPS services is in a domain, enter a Domain user’s account. The CPS installer adds the account to the local Administrator’s group.

If this computer is in a workgroup, enter an Administrator’s account, or an equivalent account that is part of the Administrator’s group on the computer.

The account that is designated for the CPS services (whether it is a new account or an existing account) will be assigned the following rights:

  • Log on as a service.

  • Administrator rights (provides complete and unrestricted rights to the computer).

On a computer running Windows Server 2003, you cannot install CPS using a service account that has a blank password. If you attempt to do so, an error message is displayed. You can configure Windows to allow for blank passwords.

For more information, see the Windows documentation.

The account that is used must be valid on each node in the Backup Group. This account may require establishing a Domain Trust relationship.

If a cross domain trust exists between the computers push installing from and to, the account that is running from the installing computer must be present in the local administrators group of the computer being push installed to.

When operating in a workgroup environment, all nodes in the backup group must run in non-secure mode. (Pre and post-job scripts run under the service account, although additional rights may be required.)

Understanding the Continuous Protection Server service account