Deny user to restore on their own

Availability for the Always-On Enterprise

Deny user to restore on their own

Veeam Logoby jdelahaye » Wed Nov 09, 2016 11:45 am

hello,

Veeam endpoint backup is installed on various laptops, and it is set to use a service account to a data domain witch is a VBR repository in the goal to back up data.

The VBR server isn't integrated in a active directory domain.

The solution i am working to is to use a single veeam backup operator user allowed to connect to a repository and being used by all employees who want to save data.

The problem is the following:
Some users are local administrator of their laptop and can access to the file level restore tool.
The fact that a single veeam user is craeted to write onto a repository enable employees to restore data from other people.

I am seeking for a mean to deny all users to restore data on their own and to centralize restoration tasks to a veeam backup adminstrator user.

Is that possible?

Best regards
jdelahaye
Enthusiast
 
Posts: 26
Liked: 1 time
Joined: Tue Nov 08, 2016 9:27 am
Full Name: Jacky Delahaye

Re: Deny user to restore on their own

Veeam Logoby Dima P. » Wed Nov 09, 2016 3:50 pm

Hi Jacky,

Any recovery option in VEB requires local admin (due mount and actual restore requirements). Regular user account does not have access or should get a UAC prompt. If user is a local admin there is no way to block the recovery. Deleting all the recovery shortcuts might help but won’t solve this.

The solution might be to set a dedicated backup account for every admin user (or use computer account in case AD) – then users will see only backup files made for this dedicated account and wont see backup files for the rest of the users.
Dima P.
Veeam Software
 
Posts: 6494
Liked: 452 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Deny user to restore on their own

Veeam Logoby jdelahaye » Wed Nov 09, 2016 5:11 pm

HI Dima,
thank you for you prompt answer,
The society i am working for prefer to not join this server on an active directory domain but i think, as you, to use active directory credential is the best solution to make users the only owner of their backup. It the only solution i see to solve this security issue.

Non admin user depend of support to restore their data and admins will be able to access only to their backup.

Can you tell me if i am wrong?

Best regards
jdelahaye
Enthusiast
 
Posts: 26
Liked: 1 time
Joined: Tue Nov 08, 2016 9:27 am
Full Name: Jacky Delahaye


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Bing [Bot] and 80 guests