?
Solved

Restrict C drive from EMC networker restoration console

Posted on 2013-06-21
6
Medium Priority
?
510 Views
Last Modified: 2013-07-01
Hi,
We are using EMC Networker version 8.0.1 for backup and restoration. Now we want to restrict/hide C drive from networker's restoration console.
I have prepared a group policy to restrict C drive and applied that group policy on backup user (which is being used to all backup and restoration jobs). C drive got hide when i login/RDP on any server thru backup ID but it still appeared/accessible from networker restoration console on all servers.

Please help me and let me know a way to achieve that.

We are using 2008 and 2012 servers and they all are on domain.
0
Comment
Question by:pdixit1977
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 20

Expert Comment

by:strivoli
ID: 39268008
a. Which groups does the user belong to?
b. You want to restrict/hide but still want to backup data stored on C:?
0
 
LVL 14

Expert Comment

by:theruck
ID: 39269955
you can not achieve that as the networker client process is running under an account which has to have rights to backup and restore. anyway you described only how you want to achieve something but it would be better if you tell us what you really need to achieve and maybe we could find another, proper and working way as your idea is not the right approach
0
 

Author Comment

by:pdixit1977
ID: 39275195
Sorry for delayed reply.

@strivoli :
1. they belongs to backup operator.
2. i want to restrict them completely on c drive, no backup and no restoration.


@theruck:
we have several branch office and each office have their own local IT team of 1-2 guys. Backup will run from central backup ID which is being mantained by backup team.
Local IT will take care of all restorations to their particular sites but these guys are not very much familiar/technical with backup application hence we want to restrict them on c drive so that even by accident/mistake they dont crash anything.

Hope i explained it, please let me know if you need anymore information.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 14

Assisted Solution

by:theruck
theruck earned 375 total points
ID: 39275663
to be able to restore they need to have filesystem rights. the user profiles reside in the C:\ drive by default. i think you will need to build a trust in your IT stuff at branches or teach them how to do it. i can not see a way how you would secure your data from IT stuff mistake.
it is even in the documentation of networker as a first restore step

To recover the NetWorker client or storage node data:
1. Log on to Windows with local administrator privileges.

that says it all i think.
also keep ion mind that persons dealing with company data need to be trained and trusted as if you have access to a backup server you have access to all the data backed up (in general)
0
 
LVL 20

Accepted Solution

by:
strivoli earned 375 total points
ID: 39275968
Backup Operators can access any file (for backup and restore operations) by design. Your only chance is:
a. Assign the account to (only) a newly created group (call it "Demoted Backup Operators"),
b. Deny access to C: to the account only,
c. Allow access to other logical disks (such as D:?) to the account only in order to let him perform backups and restores.
0
 

Author Closing Comment

by:pdixit1977
ID: 39291909
thanks
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question