# Creating a Windows Server VM with a connection to Cloud Backup

You can back up your Compute Cloud [VMs](../../compute/concepts/vm.md) with [supported Windows-based operating systems](../concepts/vm-connection.md#windows).

For the proper [Cloud Backup agent](../concepts/agent.md) operation, the VM must meet the [minimum requirements](../concepts/vm-connection.md#requirements).

## Getting started {#before-you-begin}

1. [Create](../../iam/operations/sa/create.md) a service account with the `backup.user` [role](../security/index.md#backup-user) or higher.

    You do not have to use a service account when creating a VM using the [management console](https://console.yandex.cloud). However, the user creating the VM must have the `backup.user` [role](../security/index.md#backup-user) or higher for the folder in which the VM is created.

    {% note warning %}

    Starting August 1, 2026, the [`compute.editor`](../../compute/security/index.md#compute-editor) and [`compute.admin`](../../compute/security/index.md#compute-admin) roles get new permissions allowing them to connect VMs to Yandex Cloud Backup and to link them to and unlink them from [backup policies](../concepts/policy.md).

    If you do not plan to connect your resources to Cloud Backup and do not want to grant such permissions to your users, you can proactively disable these features using the `backup.denyActivation` [authorization policy](../../iam/concepts/access-control/access-policies.md#backup-denyActivation) assigned to your folder, cloud, or organization. For more information on how to create an authorization policy, see [Creating an access policy for a resource](../../iam/operations/access-policies/assign.md).

    {% endnote %}

1. [Set up](../concepts/vm-connection.md#vm-network-access) network access for your VM.

## Creating a VM {#creating-vm}

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the folder where you want to create a VM.
  1. Navigate to **Compute Cloud**.
  1. In the left-hand panel, select ![image](../../_assets/console-icons/server.svg) **Virtual machines** and click **Create virtual machine**.
  1. Under **Boot disk image**, select an [operating system supported in Cloud Backup](../concepts/vm-connection.md#windows).
  1. Under **Location**, select an [availability zone](../../overview/concepts/geo-scope.md) where your VM will reside.
  1. Under **Network settings**:

      1. Choose a subnet in the selected availability zone.
      1. In the **Public IP address** field, select `Auto`.
      1. Select a [security group](../../vpc/concepts/security-groups.md) configured to work with Cloud Backup.
  1. Enable **Backup**, and in the **Backup policies** field, select a backup [policy](../concepts/policy.md) for Cloud Backup to use for the VM.
     
     If you do not have any backup policy, click **Create** to create one.
     
     To create a new VM with a Cloud Backup connection, your account must have the `backup.user` [role](../security/index.md#backup-user) or higher for the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) you are creating the VM in.
     
     {% note info %}
     
     If your account does not have the `backup.user` role or higher, you can connect the VM to Cloud Backup using a [service account](../../iam/concepts/users/service-accounts.md) which has that role. 
     
     To do this, expand the **Additional** section and select the service account under **Service account**. If required, [create](../../iam/operations/sa/create.md) a new service account and [assign](../../iam/operations/sa/assign-role-for-sa.md) it the `backup.user` [role](../security/index.md#backup-user).
     
     {% endnote %}
     
     {% note tip %}
     
     Installing a Cloud Backup agent is a resource-intensive operation. If you want to use a VM in the minimum possible configuration or, for example, a VM with a [vCPU performance level](../../compute/concepts/performance-levels.md) below 100%, we recommend increasing the VM's resources during the Cloud Backup agent installation.
     
     {% endnote %}
     
     For more information, see [Connecting Compute Cloud VMs and Yandex BareMetal servers to Cloud Backup](../concepts/vm-connection.md).
  1. Under **General information**, specify the VM name and description. The naming requirements are as follows:

      * Length: between 3 and 63 characters.
      * It can only contain lowercase Latin letters, numbers, and hyphens.
      * It must start with a letter and cannot end with a hyphen.

      {% note info %}
      
      The VM name is used to generate an [internal FQDN](../../compute/concepts/network.md#hostname), which is set only once, when you create the VM. If the internal FQDN is important to you, make sure to choose an appropriate name for your VM.
      
      {% endnote %}

  1. Specify the other VM parameters as needed.
  1. Click **Create VM**.

- CLI {#cli}

  1. Select a [folder](../../resource-manager/concepts/resources-hierarchy.md#folder):

      ```bash
      yc resource-manager folder list
      ```

      Result:

      ```text
      +----------------------+--------------------+------------------+--------+
      |          ID          |        NAME        |      LABELS      | STATUS |
      +----------------------+--------------------+------------------+--------+
      | wasdcjs6be29******** | my-folder          |                  | ACTIVE |
      | qwertys6be29******** | default            |                  | ACTIVE |
      +----------------------+--------------------+------------------+--------+
      ```

  1. Select a [subnet](../../vpc/concepts/network.md#subnet):

      ```bash
      yc vpc subnet list --folder-id <folder_ID>
      ```

      Result:

      ```text
      +----------------------+---------------------------+----------------------+----------------+-------------------+-----------------+
      |          ID          |           NAME            |      NETWORK ID      | ROUTE TABLE ID |       ZONE        |      RANGE      |
      +----------------------+---------------------------+----------------------+----------------+-------------------+-----------------+
      | b0c6n43f9lgh******** | default-ru-central1-d     | enpe3m3fa00u******** |                | ru-central1-d     | [10.***.0.0/24] |
      | e2l2da8a20b3******** | default-ru-central1-b     | enpe3m3fa00u******** |                | ru-central1-b     | [10.***.0.0/24] |
      | e9bnlm18l70a******** | default-ru-central1-a     | enpe3m3fa00u******** |                | ru-central1-a     | [10.***.0.0/24] |
      +----------------------+---------------------------+----------------------+----------------+-------------------+-----------------+
      ```

  1. Create the `init.ps1` file with a script for installing the Cloud Backup agent on your VM:

      ```powershell
      #ps1_sysnative
      echo 'Starting to execute backup agent installation'
      Invoke-WebRequest https://storage.yandexcloud.net/backup-distributions/agent_installer.ps1 -UseBasicParsing | Invoke-Expression
      ```

  1. Create a VM:

      ```bash
      yc compute instance create \
        --folder-id <folder_ID> \
        --name <VM_name> \
        --zone <availability_zone> \
        --network-interface subnet-name=<subnet_name>,nat-ip-version=ipv4,security-group-ids=<security_group_ID> \
        --create-boot-disk image-id=<image_ID>,size=<boot_disk_size> \
        --cores 2 \
        --core-fraction 100 \
        --memory 4 \
        --service-account-name <service_account_name> \
        --metadata-from-file user-data=<path_to_file_with_script>
      ```

      Where:

      * `--name`: VM name.

        {% note info %}
        
        The VM name is used to generate an [internal FQDN](../../compute/concepts/network.md#hostname), which is set only once, when you create the VM. If the internal FQDN is important to you, make sure to choose an appropriate name for your VM.
        
        {% endnote %}

      * `--zone`: [Availability zone](../../overview/concepts/geo-scope.md) corresponding to the selected subnet.
      * `subnet-name`: Name of the selected [subnet](../../vpc/concepts/network.md#subnet).
      * `security-group-ids`: ID of the [security group](../../vpc/concepts/security-groups.md) configured to work with Cloud Backup.
      * `image-id`: OS [image ID](../../compute/concepts/image.md). See the [list of supported Windows-based operating systems](../concepts/vm-connection.md#windows).
      * `size`: Boot disk size.
      * `--cores`: [Number of vCPUs](../../compute/concepts/vm.md) in the VM.
      * `--core-fraction`: Guaranteed vCPU share, in %.
      * `--memory`: VM [RAM size](../../compute/concepts/vm.md).
      * `--service-account-name`: Name of the [service account](../../iam/concepts/users/service-accounts.md) with the `backup.user` role or higher.
      * `user-data`: Path to the previously created file with a script for installing the Cloud Backup agent on your VM, provided in `--metadata-from-file`.

      In this example, we are creating a VM running Windows Server 2022:

      ```bash
      yc compute instance create \
        --name my-vm \
        --zone ru-central1-b \
        --network-interface subnet-name=my-vpc-ru-central1-b,nat-ip-version=ipv4,security-group-ids=abcd3570sbqg******** \
        --create-boot-disk image-id=fd890bh2sapn********,size=60 \
        --cores 2 \
        --core-fraction 100 \
        --memory 4 \
        --service-account-name backup-user \
        --metadata-from-file user-data=init.ps1
      ```

      Result:

      ```text
      done (46s)
      id: abcdho6nspdk********
      folder_id: wasdcjs6be29********
      created_at: "2023-10-09T14:57:06Z"
      name: my-vm
      ...
      placement_policy: {}
      ```

      {% note info %}
      
      The commands [`yc compute instance create`](../../cli/cli-ref/compute/cli-ref/instance/create.md) | [`create-with-container`](../../cli/cli-ref/compute/cli-ref/instance/create-with-container.md) | [`update`](../../cli/cli-ref/compute/cli-ref/instance/update.md) | [`add-metadata`](../../cli/cli-ref/compute/cli-ref/instance/add-metadata.md) support substitution of environment variable values into VM metadata. When you execute a Yandex Cloud CLI command, each reference in `$<variable_name>` format in the `user-data` key is replaced in the VM metadata with the value of that variable from the environment the command is executed in.

      To pass the variable name itself to the VM metadata in `$<variable_name>` format instead of the value from the CLI command runtime environment, use the two-dollar syntax, e.g., `$$<variable_name>`.
      
      For more information, see [Specifics of providing environment variables in metadata via the CLI](../../compute/concepts/metadata/sending-metadata.md#environment-variables).
      
      {% endnote %}

{% endlist %}
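
The environment variable substitution described in the CLI note above matters for PowerShell user-data in particular, because PowerShell writes its own variables as `$name`. The shell sketch below is an added example, not part of the Yandex Cloud documentation or CLI: it lists the references in a script that match variables exported in the local shell and writes a copy with each `$` doubled. The function names, the sample script, and `DEMO_TOKEN` are constructed for illustration, and treating `${name}` like `$name` is an assumption (the page only mentions the `$<variable_name>` format).

```shell
#!/bin/sh
# Added example: stop the yc CLI from replacing PowerShell "$variables" in a
# user-data script with values exported in the local shell.

# Print names referenced as $name or ${name} in FILE that are exported in the
# current environment (their local values would land in VM metadata).
# References already escaped as $$name are ignored.
list_env_collisions() {
  sed 's/\$\$//g' "$1" |
    grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*' |
    tr -d '${' | sort -u |
    while read -r name; do
      if printenv "$name" >/dev/null 2>&1; then
        printf '%s\n' "$name"
      fi
    done
}

# Write an escaped copy of SRC to DST, doubling each "$" that starts a
# variable reference. SRC must be the unescaped script: running this twice
# over the same text would double the dollars again.
escape_user_data() {
  sed -E 's/\$([A-Za-z_{])/$$\1/g' "$1" > "$2"
}

# Constructed sample script and constructed environment values for the demo.
demo_dir=$(mktemp -d)
cat > "$demo_dir/init.ps1" <<'EOF'
#ps1_sysnative
$log = "$HOME\agent-install.log"
Write-Output "token=$DEMO_TOKEN" | Out-File $log
EOF
export HOME="${HOME:-/constructed/home}" DEMO_TOKEN=constructed-value

echo "Names the CLI would substitute from this shell:"
list_env_collisions "$demo_dir/init.ps1"

escape_user_data "$demo_dir/init.ps1" "$demo_dir/init.escaped.ps1"
echo "Escaped copy to pass as user-data:"
cat "$demo_dir/init.escaped.ps1"
```

Pass the escaped copy in `--metadata-from-file user-data=<path_to_file_with_script>`. The `init.ps1` shown in the CLI steps contains no `$` references, so it needs no escaping.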

When the VM switches to the `Running` status, the Cloud Backup agent will start installing on it. This may take from 10 to 30 minutes.

{% note info %}

If the Cloud Backup agent fails to install within 30 minutes, [contact](https://center.yandex.cloud/support) support for troubleshooting.

{% endnote %}

Once the Cloud Backup agent is installed, the VM will be added to **Cloud Backup** in the ![machines](../../_assets/console-icons/server.svg) **Virtual machines** tab and you will be able to associate it with a [backup policy](../concepts/policy.md). If you selected a backup policy when creating the VM, the VM is already associated with the policy and no further action is required.

#### See also {#see-also}

* [Connecting an existing Windows Server VM to Cloud Backup](connect-vm-windows.md)
* [Connecting an existing Linux VM to Cloud Backup](connect-vm-linux.md)
* [Linking a VM to a backup policy](policy-vm/update.md#update-vm-list)
* [Restoring a VM or Yandex BareMetal server from a backup](backup-vm/recover.md)
* [Delete backup](backup-vm/delete.md)
* [Creating a backup policy](policy-vm/create.md)