A. Lynn Glessner submitted (21 March 2000):
This is a common question, and IMHO belongs in the FAQ for NT. There are three workarounds:
- Specify your savesets, not including REPAIRDISK
- Run the services under a local admin account.
- Change the NT security as described below.
The following is copied from the Legato Tech Dialog:
Saving REPAIRDISK Results in a Dr. Watson Error in Winmsd.exe
NT 4.0 service pack 3 NetWorker 5.1
During a NetWorker backup attempt, Microsoft's winmsd binary causes a Dr. Watson error when run from the anonymous user logon.
Analysis:
Legato's Remote Exec Service calls Microsoft's winmsd program when started. If the Remote Exec Service is started from an anonymous user logon, winmsd.exe causes a Dr. Watson error.
By default, Remote Exec Services runs from the System Account (user SYSTEM).
WINMSD.EXE provides information about the system configuration and status by reading the Windows NT Registry.
Solution:
The user that starts Remote Exec Services needs local backup privileges. No other special file access is required since Microsoft's backup API provides this access already to a user with backup privileges.
Administrators who want to require only authenticated users to list account names, and exclude anonymous connections from doing so, need to make the following change to the registry:
WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.
Run Registry Editor (Regedt32.exe).
Go to the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
On the Edit menu, click Add Value and use the following entry:
Value Name: RestrictAnonymous
Data Type: REG_DWORD
Value: 1
Exit the Registry Editor and restart the computer for the change to take effect.
When the RestrictAnonymous value is set to 1, anonymous connections from the Graphical User Interface tools for security management will receive an access denied error when attempting to get the list of account names. When the RestrictAnonymous value is set to 0, or the value is not defined, anonymous connections will be able to list account names and enumerate share names. It should be noted that even with the value of RestrictAnonymous set to 1, although the user interface tools with the system will not list account names, there are Win32 programming interfaces to support individual name lookup that do not restrict anonymous connections.
Additional Information:
Review Microsoft TechNet article Q143474 for further details surrounding the anonymous connections. (If you are unable to access this link, please visit Microsoft's World Wide Web site at http://www.microsoft.com/.)
Created 8/24/98
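Added example (not part of the Legato Tech Dialog or the original submission): a PowerShell audit of the RestrictAnonymous value described above, with an optional function that makes the same change as the Registry Editor steps. It assumes a Windows system that has PowerShell, which NT 4.0 itself does not; the function names are hypothetical.

```powershell
# Added example: report the RestrictAnonymous state using the meanings given in the article.
function Get-RestrictAnonymousState {
    [CmdletBinding()]
    param(
        # Key from the article, written in PowerShell registry-provider form.
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    )
    # A missing value yields no object; the article treats "not defined" the same as 0.
    $prop = Get-ItemProperty -Path $KeyPath -Name 'RestrictAnonymous' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $value  = $null
        $effect = 'Not defined: anonymous connections can list account names and enumerate share names.'
    } else {
        $value  = [int]$prop.RestrictAnonymous
        $effect = switch ($value) {
            0       { 'Anonymous connections can list account names and enumerate share names.' }
            1       { 'Account listing from the GUI tools is denied to anonymous connections; individual name lookup through Win32 interfaces is still possible.' }
            default { 'Value is outside the 0/1 settings the article describes; check Microsoft documentation.' }
        }
    }
    [pscustomobject]@{
        Key     = $KeyPath
        Defined = ($null -ne $prop)
        Value   = $value
        Effect  = $effect
    }
}

# Same change as the manual steps: REG_DWORD RestrictAnonymous = 1.
# Supports -WhatIf; per the article, a restart is needed before it takes effect.
function Set-RestrictAnonymous {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    )
    if ($PSCmdlet.ShouldProcess("$KeyPath\RestrictAnonymous", 'Set REG_DWORD to 1')) {
        New-ItemProperty -Path $KeyPath -Name 'RestrictAnonymous' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Read-only audit of the local machine.
Get-RestrictAnonymousState | Format-List
```

Run Set-RestrictAnonymous -WhatIf first to see the change without applying it; writing to this key requires an elevated session.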