Folder Redirection permissions vis-a-vis backup
I am preparing a new server for a 25-user network. The current network uses a workgroup environment, so the project will involve joining all the workstation to the new domain without demotions or promotions being necessary. One objective is to utilize Folder Redirection of My Documents and Desktop folders to a share on the server in order to facilitate backup of the data files using Retrospect.
I have run into the permissions issues that are discussed, among other places, at https://www.experts-exchange.com/questions/22109789/Folder-redirection-permission-question.html
In order to avoid the permissions glitches that result from Folder Redirection, I set up my test users using default settings which block Administrator's access to the contents of the user folders in the share. Then I used Microsoft Backup to create a backup of the files and folders. I was able to perform the backup without fiddling with permissions or ownership, and I was also able to restore the files and folders to alternate locations and then open the files as Administrator. I had been expecting the Backup program to be unable to access and backup the files within the user folders, because I had not changed the permissions from the restrictive defaults as advised by http://support.microsoft.com/kb/288991 (a procedure which does not seem to resolve the rights issues it addresses without additional tinkering with permissions).
My question is whether there might be caveats or concerns about the integrity and utility of backups made with Retrospect if I do not change the default premissions for the redirected folders. Specifically, I do not wish to be required to specify the user login to the user folder in the share in order to backup the data files and folders that the user creates as owner of the folder. And I would like for the Administrator to be allowed to retrieve files and folders from backup sets without any security problems that might carry over from the permissions settings of the user folders. The Microsoft Backup program allows the deselection of the option to restore security settings.
My next step is to test the backup after installing Retrospect, but I would appreciate any insights or recommendations from folks who have had experience with this scenario.
Many thanks.
I have run into the permissions issues that are discussed, among other places, at https://www.experts-exchange.com/questions/22109789/Folder-redirection-permission-question.html
In order to avoid the permissions glitches that result from Folder Redirection, I set up my test users using default settings which block Administrator's access to the contents of the user folders in the share. Then I used Microsoft Backup to create a backup of the files and folders. I was able to perform the backup without fiddling with permissions or ownership, and I was also able to restore the files and folders to alternate locations and then open the files as Administrator. I had been expecting the Backup program to be unable to access and backup the files within the user folders, because I had not changed the permissions from the restrictive defaults as advised by http://support.microsoft.com/kb/288991 (a procedure which does not seem to resolve the rights issues it addresses without additional tinkering with permissions).
My question is whether there might be caveats or concerns about the integrity and utility of backups made with Retrospect if I do not change the default premissions for the redirected folders. Specifically, I do not wish to be required to specify the user login to the user folder in the share in order to backup the data files and folders that the user creates as owner of the folder. And I would like for the Administrator to be allowed to retrieve files and folders from backup sets without any security problems that might carry over from the permissions settings of the user folders. The Microsoft Backup program allows the deselection of the option to restore security settings.
My next step is to test the backup after installing Retrospect, but I would appreciate any insights or recommendations from folks who have had experience with this scenario.
Many thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need to limit who can be a backup Admin based on your Corp. Security model. Usually it is just the Backup operators, and Admins, - and no one else., and this is usually close to the Default setup.
no one should be able to access your servers, and certainly not be able to run backups without the proper permissions.
no one should be able to access your servers, and certainly not be able to run backups without the proper permissions.
ASKER