Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Restrict C drive from EMC networker restoration console

Posted on 2013-06-21
6
Medium Priority
?
515 Views
Last Modified: 2013-07-01
Hi,
We are using EMC Networker version 8.0.1 for backup and restoration. Now we want to restrict/hide C drive from networker's restoration console.
I have prepared a group policy to restrict C drive and applied that group policy on backup user (which is being used to all backup and restoration jobs). C drive got hide when i login/RDP on any server thru backup ID but it still appeared/accessible from networker restoration console on all servers.

Please help me and let me know a way to achieve that.

We are using 2008 and 2012 servers and they all are on domain.
0
Comment
Question by:pdixit1977
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 20

Expert Comment

by:strivoli
ID: 39268008
a. Which groups does the user belong to?
b. You want to restrict/hide but still want to backup data stored on C:?
0
 
LVL 14

Expert Comment

by:theruck
ID: 39269955
you can not achieve that as the networker client process is running under an account which has to have rights to backup and restore. anyway you described only how you want to achieve something but it would be better if you tell us what you really need to achieve and maybe we could find another, proper and working way as your idea is not the right approach
0
 

Author Comment

by:pdixit1977
ID: 39275195
Sorry for delayed reply.

@strivoli :
1. they belongs to backup operator.
2. i want to restrict them completely on c drive, no backup and no restoration.


@theruck:
we have several branch office and each office have their own local IT team of 1-2 guys. Backup will run from central backup ID which is being mantained by backup team.
Local IT will take care of all restorations to their particular sites but these guys are not very much familiar/technical with backup application hence we want to restrict them on c drive so that even by accident/mistake they dont crash anything.

Hope i explained it, please let me know if you need anymore information.
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 14

Assisted Solution

by:theruck
theruck earned 375 total points
ID: 39275663
to be able to restore they need to have filesystem rights. the user profiles reside in the C:\ drive by default. i think you will need to build a trust in your IT stuff at branches or teach them how to do it. i can not see a way how you would secure your data from IT stuff mistake.
it is even in the documentation of networker as a first restore step

To recover the NetWorker client or storage node data:
1. Log on to Windows with local administrator privileges.

that says it all i think.
also keep ion mind that persons dealing with company data need to be trained and trusted as if you have access to a backup server you have access to all the data backed up (in general)
0
 
LVL 20

Accepted Solution

by:
strivoli earned 375 total points
ID: 39275968
Backup Operators can access any file (for backup and restore operations) by design. Your only chance is:
a. Assign the account to (only) a newly created group (call it "Demoted Backup Operators"),
b. Deny access to C: to the account only,
c. Allow access to other logical disks (such as D:?) to the account only in order to let him perform backups and restores.
0
 

Author Closing Comment

by:pdixit1977
ID: 39291909
thanks
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question