Recently I got the chance to redesign the existing backup environment of a customer. The customer has been successfully using Veeam Backup & Replication for years, but the environment has been growing over the years and therefore the backup environment has been adjusted from time to time. After an unpleasant data loss mid-year, the customer decided to give us the task of revising his backup environment.
As part of the design, we decided to leave all components of the backup environment outside the customer’s productive Active Directory domain and only connect where absolutely necessary. In general this works without problems, only the installation and configuration of additional, Windows-based Managed Servers to use them for example as remote backup repository requires some additional attention. If we try to add the Managed Server in the Veeam Backup & Replication Console and do not use the default Account Administrator (UID 500), the installation of the necessary Veeam Services fails due to Remote UAC being enabled by default.

The problem can be solved in two ways:
- Use the default Administrator user (UID 500).
- Create a registry entry as described in this Microsoft KB article.
As we do not want to use a standard account in our design (a general recommendation), we use dedicated service accounts and therefore rely on the second solution. For those of you who don’t want to read the Microsoft article here are the steps you need to perform on the managed server.
Resolution
- Launch regedit (Click Start, type regedit and press ENTER).
- Navigate to the following register entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- Create a new DWORD value (32-Bit) with the following name:
 LocalAccountTokenFilterPolicy
- Assign the new DWORD the value 1.
After creating the registry entry, adding the Managed Server and installing the Veeam Services works without any problems.
