Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
Frankfurt2014
Lurker
Posts: 2
Liked: never
Joined: Jan 11, 2017 5:33 pm
Full Name: Nico Stein
Contact:
Contact Frankfurt2014

Feature Request: Password protect Recovery Media

Post by Frankfurt2014 »

First off, I really enjoy the reliability of VEB. Makes backups so much more easier to maintain!
Now, I have integrated the Recovery Media ISO into the bootmenu of some of my Windows 7 stations. Tier 1 can then boot directly into the recovery media and pull the backup from a Veeam repo. All is working perfectly.
The only thing that I wish was for the recovery media to be prompting for a password before booting up. Currently an enduser could boot int VEB Recovery and, since it has cool tools :D, reset the local admin account.
Would be nice to be able to prevent this.
Top
Vitaliy S.
VP, Product Management
Posts: 27625
Liked: 2880 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:
Contact Vitaliy S.

Re: Feature Request: Password protect Recovery Media

Post by Vitaliy S. »

Hi Nico,

Even if we had this feature available, users would still be able to create their own recovery media (from external computer) and then boot from it bypassing your embedded recovery media. Maybe there should be other options to address this use case?

Thanks!
Top
Mike Resseler
Product Manager
Posts: 8270
Liked: 1346 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:
Contact Mike Resseler

Re: Feature Request: Password protect Recovery Media

Post by Mike Resseler »

Nico,

The moment an end-user has physical access to its computer, and the possibility to boot from DVD / USB he/she can boot from whatever image that can be downloaded to reset passwords and more. So what you are looking at needs more than just a password on our recovery media :-)

I am actually not sure if the windows recovery image we modify supports password protection but we can look at that. However, I would look more into a few things to avoid an end-user to succeed in this.

1. Make sure your BIOS is protected with a company wide administrator password so your end-users can't change anything (So no more booting from USB or DVD unless you change it as admin)
2. Don't let the boat loader appear so your end-users can't see it. (Administrators know how to get into it)

But in the end, a smart end-user probably knows how to get into it. I know you can password protect booting, but I don't know if you can password protect a single instance in a boot loader menu
Top
Frankfurt2014
Lurker
Posts: 2
Liked: never
Joined: Jan 11, 2017 5:33 pm
Full Name: Nico Stein
Contact:
Contact Frankfurt2014

Re: Feature Request: Password protect Recovery Media

Post by Frankfurt2014 »

Vitaly and Mike,

all good points. Yes, a smart user would gain access to the computer. I was more worried about a user rebooting a machine and "exploring" the other boot option.
Thanks,

Nico
Top
Dima P.
Product Manager
Posts: 14833
Liked: 1785 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:
Contact Dima P.

Re: Feature Request: Password protect Recovery Media

Post by Dima P. »

Thanks Nico. Good request - we will discuss it with the team.
Top
Post Reply

Return to “Veeam Agent for Microsoft Windows”



Who is online

Users browsing this forum: Graeme E and 5 guests