Deny user to restore on their own

[jdelahaye]

hello,

Veeam endpoint backup is installed on various laptops, and it is set to use a service account to a data domain witch is a VBR repository in the goal to back up data.

The VBR server isn't integrated in a active directory domain.

The solution i am working to is to use a single veeam backup operator user allowed to connect to a repository and being used by all employees who want to save data.

The problem is the following:
Some users are local administrator of their laptop and can access to the file level restore tool.
The fact that a single veeam user is craeted to write onto a repository enable employees to restore data from other people.

I am seeking for a mean to deny all users to restore data on their own and to centralize restoration tasks to a veeam backup adminstrator user.

Is that possible?

Best regards

[Dima P.]

Hi Jacky,

Any recovery option in VEB requires local admin (due mount and actual restore requirements). Regular user account does not have access or should get a UAC prompt. If user is a local admin there is no way to block the recovery. Deleting all the recovery shortcuts might help but won’t solve this.

The solution might be to set a dedicated backup account for every admin user (or use computer account in case AD) – then users will see only backup files made for this dedicated account and wont see backup files for the rest of the users.

[jdelahaye]

HI Dima,
thank you for you prompt answer,
The society i am working for prefer to not join this server on an active directory domain but i think, as you, to use active directory credential is the best solution to make users the only owner of their backup. It the only solution i see to solve this security issue.

Non admin user depend of support to restore their data and admins will be able to access only to their backup.

Can you tell me if i am wrong?

Best regards