Starting NetBackup daemons and services as non-administrative user
You can start most of the NetBackup daemons and services as a non-root user. Start the NetBackup services as a non-root user. If you decide to use a less privileged user, you must plan accordingly. Ensure that the user account has access to the paths of disaster recovery files, external certificate authority (ECA) files, and temporary files.
On UNIX and Linux, you see a new prompt during the primary server upgrade. The new prompt asks you to provide a service user, preferably a non-root user. You must create this user in advance and the user must have nbwebgrp as the secondary group.
The service user is used as the database user if it is a non-root account. In this case, you are not prompted for a separate database user.
On Windows, you can use the Local Service built-in account as the service account. This option is available in the Custom upgrade path for primary servers.
You can use the nbserviceusercmd command to change the service user on media servers and clients after the installation completes. Refer to the NetBackup Commands Reference Guide for more information about the nbserviceusercmd command. For more details about the service user account, refer to https://www.veritas.com/support/en_US/article.100053035.
On Windows, if services such as the NetBackup Legacy Network Service or the NetBackup Client Service run as an administrator account other than Local System, their Log on as value isn't changed.