Using network shares as targets for the file-based Backup tool in Windows Vista

Beta testers using the file backup application in Windows Vista have complained about being prompted for a user name and password after they try to back up to a network share. It’s especially frustrating for users who know they already have access to the share. Though this behavior might seem like a bug, there’s a good reason why the prompt occurs: the backup application needs to store the user name and password for the share so that when the scheduled backup job runs, under the “LocalSystem” account, the backup application can use those credentials to access the share.  If the backup application didn’t gather these credentials ahead of time, you would be prompted to enter them before each backup. (And I should mention that if the password changes at some point, you’ll need to re-enter the credentials in the backup settings or else the next backup will fail, and the resulting error message will then link you to a UI that lets you update the backup configuration.)

Speaking of backing up to network shares, there is another requirement you should be aware of: the credentials you supply must have what is called “Full Control” to the target share, also known as “Co-owner” of the share if you use the setup wizard in Windows Vista. This means that both the file system permissions and share permissions must be set to Full Control for the user name you specify in the backup. To help maintain the security of the backup location, we recommend that you set up a user account to be used only by the backup application, and then set permissions on the share and folder so that only your “backup user” account can access it. That account can be a local account on the computer where you host the network share, or it can be a domain account. It does not have to be the administrator account on that computer.

And finally, we want to call out two specific issues with backing up to a share on a computer running Windows XP:

  • A network share on a computer running Windows XP Home Edition is not supported as a backup location because this edition does not support setting permissions on the shares, nor does it support authenticating as a specific account over the network.
  • Setting permissions on a share on a computer running Windows XP Professional can be tricky if your computer is part of a workgroup. Follow the steps described in KB 307874, “How to disable simplified sharing and set permissions on a shared folder in Windows XP” for instructions.

–Jill (with help from Dan Stevenson and Ivan Pashov)