Allow backup storage devices without drive letters

[Daniel N.]

I think it would be a great improvement, if I could remove the drive letter from my portable backup storage device and still be able to register it in Veeam.

[Vitaliy S.]

That's interesting. Can you please elaborate a bit more on why don't you want to assign the drive letter?

[Dima P.]

if I could remove the drive letter from my portable backup storage device and still be able to register it in Veeam

While I am eager to hear the details behind you request too, can say that Endpoint Backup does not rely on the drive letters in terms of drive identification if we are talking about the removable storage.

[Daniel N.]

Windows Backup from Windows 7 and Windows Server 2008–20012R2 does it exactly that way.

Portable (or removable) storage will be formatted, the drive letter will be removed and the permissions will be altered so users and administrators (users in general) will not be able to accidentally alter the backup files. Thus creating an additional layer of protection. The drive letter is removed because that drive is not supposed to hold other data than backup data and users are supposed to use only Windows Backup to restore files from a backup. So there is no need to even show a drive letter.

So in fact, I do not need to see the drive. It's supposed to hold only my backups. Backups are supposed to be restored by Veeam only. And for that I like to not have to see a drive that is useless in any other sense than for backups.

Personally, I like the idea of how Windows Backup treats storage devices: "This device is for backup, keep your fingers out of it and I won't have to say: 'I told you so', later."

While I am eager to hear the details behind you request too, can say that Endpoint Backup does not rely on the drive letters in terms of drive identification if we are talking about the removable storage.

I am not sure if you are talking about technicalities that happen under the hood. So let me say that, when I remove the drive letter, I cannot choose it as a backup location. When I have the portable storage registered as a backup storage device, and I remove the drive letter afterwards, VEP asks me to connect the backup storage device. So for me as a user, Veeam needs a drive letter to work with.

[Vitaliy S.]

Thanks for sharing the use case, makes sense if there is a need to have additional layer of protection for created backups. On a side note, what if you want to copy these files somewhere? You will need to assign drive letter and this should not change the behavior of configured backup task, correct?

BTW, are you planning to use portable device for all Endpoint backups or there is one device for each Endpoint?

[Daniel N.]

makes sense if there is a need to have additional layer of protection for created backups

Don't forget, that it's annoying to have that drive in the explorer

On a side note, what if you want to copy these files somewhere? You will need to assign drive letter and this should not change the behavior of configured backup task, correct?

I would say so, too. If you would address the drive with the volume ID, that would be no problem. Run mountvol.exe in CMD to see what I am talking about.

BTW, are you planning to use portable device for all Endpoint backups or there is one device for each Endpoint?

I am using the software on my personal computer.
I don't know what your target audience with Endpoint Backup is. As a sysadmin myself, I would never backup client computers on a usb drive and use a network drive instead. Before backing up client cmoputers at all, I would evaluate all other options

Edit: If I had several personal computers, I would probably use one drive for all my computers. In that case I could imagine that the drive letter is removed, the drive "locked" for veeam backups, but enabled to be used for multiple computers.

Thanks for listening. I thoroughly enjoy that my suggestions are heard and making you curious

[Dima P.]

Personally, I like the idea of how Windows Backup treats storage devices: "This device is for backup, keep your fingers out of it and I won't have to say: 'I told you so', later."

Agree, this is a good idea - so we will definitely look into your feedback!

I am not sure if you are talking about technicalities that happen under the hood.

Let me paraphrase my previous post. We do not rely on the drive letter in terms of disk recognition (drive letter can be changed for removable devices, if it has been already taken by another removable device), but it should have a drive letter to be properly presented to the OS.

Don't forget, that it's annoying to have that drive in the explorer… Run mountvol.exe in CMD to see what I am talking about.

Have to disagree on this one. For most non-IT guys the situation may look scary: you plugged in the device, but it does not appear in my computer, so something is broken – call IT… Though, thinking of a temporary workaround in existing version, you should be able to mount the volume as a folder (somewhere in non root premises) and configure local backup to this folder.

[Daniel N.]

Have to disagree on this one. For most non-IT guys the situation may look scary: you plugged in the device, but it does not appear in my computer, so something is broken – call IT… Though, thinking of a temporary workaround in existing version, you should be able to mount the volume as a folder (somewhere in non root premises) and configure local backup to this folder.

I can see your point. One last suggestion, if I may. I could imagine having this as an option. Something like "Configure this storage device without drive letter (hidden)".

Your suggestion to mout the volume as a folder was also a good idea and I did it that way. Works really good and something I can live with. Thank you!

[Dima P.]

Agree we or not, this feature makes sense – so we will discuss it any way. Thanks

[consolerepair08]

I think we're all missing the biggest reason why Veeam really needs to implement a device ID solution for backup targets. The virus known as cryptowall v3.0 works by scanning the computer for mounted drive letters before encrypting the files within any mounted drives. THIS IS A BIG SECURITY RISK! whats the point of having a backup if that backup could also get infected?

More Information:
http://www.bleepingcomputer.com/virus-r ... nformation

CryptoWall will encrypt data files on network shares only if that network share is mapped as a drive letter on the infected computer. If it is not mapped as a drive letter, then CryptoWall will not encrypt any files on a network share.

[Dima P.]

Hello Jack,

I agree with the use case you shared, but I think backing up to the internal drive as well as leaving the USB backup target always connected (mounted or not) is beyond the backup best practices. The following article refers to the flagship product - Veeam Backup and Replication, nevertheless main principles could be applied for Veeam Endpoint Backup: How to follow the 3-2-1 backup rule

[JGGS]

I'm with Jack on this, say you've been infected with Cryptolocker/wall, it sits there until the computer is idle, Veeam completes its backup, the virus is triggered because the machine is idle and encrypts your data. If you've got a lot of changed data and need to leave it running for sometime that gives Crypto* a chance to encrypt the backup files, destroying the backup.

There are *other* products out there that do this, but Veeam is superior in most other ways, I just wish this one feature were in it.

[Dima P.]

Hi JGGS,
I agree, but there is an existing way of protecting against crypto locker threats (as well as against the complete hardware corruption) – use external storage like NAS, Veeam Backup & Replication repository or simple USB device

[jocoph]

am evaluating veeam endpoint and this is one area i checked right away if it allows backing up to none drive letter drive. Unfortunately, it still does not support it.

windows backup supports it but who knows , ransomware devs may soon find away to infect none drive letter drives.

[Sam62]

How is this still a thing since years when even the Veeam Agent Free can do this but the big and mighty Veeam Backup & Replication can not.
Having trouble with this all the time with several customers.

The agent does mount different volumes with the same drive letter - why can't Veeam B&R do this?!?