Years ago when I setup BE on our many servers and sites I was instructed (against my better judgment) to use a shared domain admin AD account rather than a common AD user account for the BE application and use it as the default logon account. Now 10 years later our security wants us to stop using it.
I have created a common AD user account with no particular rights, put it in the ADMINISTRATORS group of the BE server, changed the services to use this account and created and set the default BE account for it as well as switched the backup jobs to use it. All that's left is the System Logon Account. I cannot delete it, I cannot change it, it refuses to allow it.
I have used from the BE app itself menu -> NETWORK -> LOGON ACCOUNTS and set the NEW account as default and public. When trying to delete the OLD account that currently is the BESLA it refuses stating that a whole list of users (including myself) has it set as their default. More than once it has offered to swap the jobs out to another account, I've chosen my NEW account and it ran only to error leaving the old account as BESLA. Several of the users it lists are not even with the company any more.
I tried to use BEUTIl, which asks for the account name and password, acts like it does something, sometimes producing an error sometimes, sometimes not and it never works. The OLD account is still the BESLA.
I've rebooted and restarted the BEservices several times. I’ve even attempted to use the OLD account as the logon to Windows thinking since it has higher credentials than my own account it may work. Nada, nothing works.
Security plans on deleting the OLD account soon. While backups now work the way it is with the new account being used everywhere else in BE having the BESLA set for the OLD account makes me worry.
Is there a secret to tearing this thing out forcibly? I don't want to reinstall BE because I have a ton of jobs, catalogs, history and settings I don't want to replicate.
What exactly does the BESLA do anyway after installation? If the AD account to which it is set is deleted will it jeopardize my backups?
We are running BE 11, 12 and 12.5 and 2010 all over the USA. I have not tried it on any other machine but this 2010 server.