Account permissions needed for protecting machine?

Good  evening. Forgive me if I missed this in documentation, but I haven't been able to find out what the required permissions for accounts used by Rapid Recovery.

I installed the agent on my Hyper-V cluster hosts, and see that the service runs as "local system". 
My question is about the account used when applying protection to my guests.  Can this be a domain account with "back operators" permissions, or will more permissions be required?  I realize that many people will just run this with a Domain admin account, but I want to ensure that we're operating in an environment of least privilege.



  • When protecting machines, you need to use an account with local administrator privileges on the HyperV cluster. So you could use a domain account that is not a member of Domain Admins but is a local administrator on each of the nodes in your HyperV cluster. That should provide the necessary permissions for backup but not give that account global rights within your domain.