Feature Request: Password protect Recovery Media

Backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)

Feature Request: Password protect Recovery Media

Veeam Logoby Frankfurt2014 » Wed Jan 11, 2017 5:54 pm

First off, I really enjoy the reliability of VEB. Makes backups so much more easier to maintain!
Now, I have integrated the Recovery Media ISO into the bootmenu of some of my Windows 7 stations. Tier 1 can then boot directly into the recovery media and pull the backup from a Veeam repo. All is working perfectly.
The only thing that I wish was for the recovery media to be prompting for a password before booting up. Currently an enduser could boot int VEB Recovery and, since it has cool tools :D, reset the local admin account.
Would be nice to be able to prevent this.
Frankfurt2014
Lurker
 
Posts: 2
Liked: never
Joined: Wed Jan 11, 2017 5:33 pm
Full Name: Nico Stein

Re: Feature Request: Password protect Recovery Media

Veeam Logoby Vitaliy S. » Wed Jan 11, 2017 8:43 pm

Hi Nico,

Even if we had this feature available, users would still be able to create their own recovery media (from external computer) and then boot from it bypassing your embedded recovery media. Maybe there should be other options to address this use case?

Thanks!
Vitaliy S.
Veeam Software
 
Posts: 19974
Liked: 1145 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Feature Request: Password protect Recovery Media

Veeam Logoby Mike Resseler » Thu Jan 12, 2017 6:38 am

Nico,

The moment an end-user has physical access to its computer, and the possibility to boot from DVD / USB he/she can boot from whatever image that can be downloaded to reset passwords and more. So what you are looking at needs more than just a password on our recovery media :-)

I am actually not sure if the windows recovery image we modify supports password protection but we can look at that. However, I would look more into a few things to avoid an end-user to succeed in this.

1. Make sure your BIOS is protected with a company wide administrator password so your end-users can't change anything (So no more booting from USB or DVD unless you change it as admin)
2. Don't let the boat loader appear so your end-users can't see it. (Administrators know how to get into it)

But in the end, a smart end-user probably knows how to get into it. I know you can password protect booting, but I don't know if you can password protect a single instance in a boot loader menu
Mike Resseler
Veeam Software
 
Posts: 3382
Liked: 384 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: Feature Request: Password protect Recovery Media

Veeam Logoby Frankfurt2014 » Mon Jan 23, 2017 2:07 pm

Vitaly and Mike,

all good points. Yes, a smart user would gain access to the computer. I was more worried about a user rebooting a machine and "exploring" the other boot option.
Thanks,

Nico
Frankfurt2014
Lurker
 
Posts: 2
Liked: never
Joined: Wed Jan 11, 2017 5:33 pm
Full Name: Nico Stein

Re: Feature Request: Password protect Recovery Media

Veeam Logoby Dima P. » Mon Jan 23, 2017 11:06 pm

Thanks Nico. Good request - we will discuss it with the team.
Dima P.
Veeam Software
 
Posts: 6698
Liked: 479 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov


Return to Veeam Agent for Windows



Who is online

Users browsing this forum: Bing [Bot] and 1 guest