Details

Back up files and directories

This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system.

Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:

Traverse Folder/Execute File

List Folder/Read Data

Read Attributes

Read Extended Attributes

Read Permissions

Caution

Assigning this user right can be a security risk. Since there is no way to be sure that a user is backing up data, stealing data, or copying data to be distributed, only assign this user right to trusted users.

Default on workstations and servers: Administrators

Backup Operators.

Default on domain controllers:Administrators

Backup Operators

Server Operators

Solution

Policy Path: Local PoliciesUser Rights Assignment
Policy Name: Backup files and directories

Supportive Information

The following resource is also helpful.

• https://www.microsoft.com/en-us/download/details.aspx?id=55319

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

• 800-53|AC-6(7)(b)
• CSCv6|5.1

Source

• Tenable.com/audits