Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
jdelahaye
Enthusiast
Posts: 26
Liked: 1 time
Joined: Nov 08, 2016 9:27 am
Full Name: Jacky Delahaye
Contact:

file level restore as user : found ! but is it legal

Post by jdelahaye » Nov 17, 2016 11:10 am

Hi,

We are some people here who want to allows users to restore files on their own
I tried to change the manifest value in the FLR exe file from requireAdministrator to asInvoker and it was working.

But i have some questions before using that solution

Is that legal to modify only the manifest file
if not, can veeam developper supply an exe with a asInvoker manfest ?

please note: I did it in test purpose ONLY.

Best regards

Dima P.
Product Manager
Posts: 9905
Liked: 789 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: file level restore as user : found ! but is it legal

Post by Dima P. » Nov 17, 2016 3:36 pm

Hi Jacky,

It's ok - no worries. I mostly interested were you able to restore the file without admin account? I was told that some operations (like mounting backup) are impossible without administrative account...

jdelahaye
Enthusiast
Posts: 26
Liked: 1 time
Joined: Nov 08, 2016 9:27 am
Full Name: Jacky Delahaye
Contact:

Re: file level restore as user : found ! but is it legal

Post by jdelahaye » Nov 17, 2016 4:01 pm

i have only tested to restore file with a non admin account from the control panel.

i have used resource tuner to modify the MANIFEST resource inside the FLR exe file.
I have altered the value from requireAdmin to asInvoker

problem solved but i refuse to use that solution before beeing sure this isn't unlawful.

doc was restored in D:\ and personnal files folders only.



Best regards

Mike Resseler
Product Manager
Posts: 5584
Liked: 584 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: file level restore as user : found ! but is it legal

Post by Mike Resseler » Nov 17, 2016 4:09 pm

Jacky,

I perfectly understand that you refuse to use it before you are sure you are not doing something illegal. I would be the same :-) That being said. I am intrigued by it (and I am sure Dima is also :-)). I used asInvoker before (other projects) but it doesn't always gave me the results that I expected. Sometimes I needed asAdministrator in the manifest to get the work done... It actually surprises me (considering what we do in the backend that this would be enough rights but here you go :-)).

Dima and his team are extremely busy at this moment, but I wonder if you could (PM to Dima or me is fine) give me the exact steps that you did. Maybe our development team can reproduce it and then go through the logs what is happening and who knows... It might even get implemented :-) (Although we have to think about other things such as when is it allowed as a user, when not etc... But that is up for discussion among us :-))

Thanks
Mike

jdelahaye
Enthusiast
Posts: 26
Liked: 1 time
Joined: Nov 08, 2016 9:27 am
Full Name: Jacky Delahaye
Contact:

Re: file level restore as user : found ! but is it legal

Post by jdelahaye » Nov 17, 2016 4:41 pm

I feel really really angry,
I can't reproduce what i did, there is no way to connect to a repository if i lanch the FLR without admin rights from an local account. Veeam b&r is joined into a domain and i have given permission to everyone to write onto the repo.

I have made a test with my domain account wich give me administration rights.
It's a shame that i did those tests with a such account

Sorry

Dima P.
Product Manager
Posts: 9905
Liked: 789 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: file level restore as user : found ! but is it legal

Post by Dima P. » Nov 17, 2016 10:38 pm

Hi Jacky,

Thank you for being creative and additional thank you for being honest. As I said before there is a technical limitation on some windows operations that could not be performed under non-admin account. Restore wizard may work, but actual restore process wont. We are aware of this behavior and working on a solution.

jdelahaye
Enthusiast
Posts: 26
Liked: 1 time
Joined: Nov 08, 2016 9:27 am
Full Name: Jacky Delahaye
Contact:

Re: file level restore as user : found ! but is it legal

Post by jdelahaye » Nov 18, 2016 8:34 am

hi,
I do some type of mistake because i am just starting in a IT job.
I should think before of that limitation and it is quite normal for security issue.

I have decided to create a new process in wich user who lose date will call our suport in the goal to a restore operator retrieve lost date from veeam b&r console and push data to a shared folder on the the laptop (D:\RESTORE on all laptop).
NTFS Permissions on the folder are modify for user and write only for operator.

I have written a procedure for the support team too.



Best regards

Dima P.
Product Manager
Posts: 9905
Liked: 789 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: file level restore as user : found ! but is it legal

Post by Dima P. » Nov 18, 2016 5:40 pm

Jacky,

Sounds like a good plan.

jdelahaye
Enthusiast
Posts: 26
Liked: 1 time
Joined: Nov 08, 2016 9:27 am
Full Name: Jacky Delahaye
Contact:

Re: file level restore as user : found ! but is it legal

Post by jdelahaye » Nov 18, 2016 6:21 pm

My boss have accepted my plan and I have submitted to him an itil process.
Thanks for your compliment

My solution is making the computer the owner of the archive and it is perfectly fine for laptops.
Veeam can be deployed via sccm with an auto it script wich contain zero ID for auto configuration.
The sole info on the auto it script is the repo name

Best regards

jdelahaye
Enthusiast
Posts: 26
Liked: 1 time
Joined: Nov 08, 2016 9:27 am
Full Name: Jacky Delahaye
Contact:

Re: file level restore as user : found ! but is it legal

Post by jdelahaye » Nov 18, 2016 6:37 pm

Sorry for having suggested you to change only the manifest. Due to the quality of your software, I should known your are too experimented to do that sort of mistake

Mike Resseler
Product Manager
Posts: 5584
Liked: 584 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: file level restore as user : found ! but is it legal

Post by Mike Resseler » Nov 21, 2016 6:56 am

Jacky,

No apologies needed. We like this type of ideas. We do make mistakes from time to time and these type of messages can help us in making important changes to the solution. This one won't work but hey, another idea might be a good one...

Markus Doll
Novice
Posts: 4
Liked: never
Joined: Jun 30, 2016 8:12 am
Full Name: Markus Doll
Contact:

Re: file level restore as user : found ! but is it legal

Post by Markus Doll » Feb 21, 2017 10:37 am

Dear all,

has there been any progress with regard to this topic?

We switch all of our clients to Veeam Endpoint Backup and are basically very happy with it.

The only thing that drives us crazy is the file level restore that keeps asking for admin credentials.

Your feedback is much appreciated.

Thanks!

Best,
Markus

Vitaliy S.
Product Manager
Posts: 22431
Liked: 1442 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: file level restore as user : found ! but is it legal

Post by Vitaliy S. » Feb 21, 2017 1:43 pm

Markus, this will remain the same for v2 release, but this capability is still on our radar.

Post Reply

Who is online

Users browsing this forum: ianbutton1 and 11 guests