Comprehensive data protection for all workloads
Post Reply
Sankar
Lurker
Posts: 2
Liked: never
Joined: Jul 02, 2021 3:17 pm
Full Name: Sankar Pillai
Contact:

Restricting Access to VBR

Post by Sankar »

Hello,
Recently we noticed that the System Administrator of the Server has admin access to VBR. Anyone part of the Local System Administrator group will have access to VBR and it's a serious concern in terms of security as the local admin group will have members from various support teams. As per the response from the Veeam support case, it was confirmed that this is how it works.

Now we are looking for mitigating this issue, Do we have an option to restrict or limit that access to VBR?

Thanks,
Sankar
Mildur
Product Manager
Posts: 10984
Liked: 3016 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Restricting Access to VBR

Post by Mildur » 1 person likes this post

Hi Sankar

Users with local admin permissions have always access to all data and processes on a server. Even if you remove vbr permissions for the local administrator, they have the power to get this permissions back.

When you are talking about „as the local admin group will have members from various support teams“, it looks like your server is in the production domain (Domain Admins have Local Admin permission) or you gave them an local admin user to use rdp for remote access to open the vbr console.

That would be my first thing todo, remove the backup server from the production domain. And if you gave them local admins for remote access todo restores, ask yourself, why various support teams needs remote access to the server.
If you want them to have the possibility todo restores, use Enterprise Manager or use vbr console remotely from a management server. The local user for the vbr console should only have Restore Operator permission. Don‘t give put the local windows user in the local administrators group.

You can find more about hardening your vbr server here.
Product Management Analyst @ Veeam Software
Post Reply

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot], Google [Bot] and 21 guests