Solved

Restrict C drive from EMC networker restoration console

Posted on 2013-06-21
6
505 Views
Last Modified: 2013-07-01
Hi,
We are using EMC Networker version 8.0.1 for backup and restoration. Now we want to restrict/hide C drive from networker's restoration console.
I have prepared a group policy to restrict C drive and applied that group policy on backup user (which is being used to all backup and restoration jobs). C drive got hide when i login/RDP on any server thru backup ID but it still appeared/accessible from networker restoration console on all servers.

Please help me and let me know a way to achieve that.

We are using 2008 and 2012 servers and they all are on domain.
0
Comment
Question by:pdixit1977
  • 2
  • 2
  • 2
6 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 39268008
a. Which groups does the user belong to?
b. You want to restrict/hide but still want to backup data stored on C:?
0
 
LVL 14

Expert Comment

by:theruck
ID: 39269955
you can not achieve that as the networker client process is running under an account which has to have rights to backup and restore. anyway you described only how you want to achieve something but it would be better if you tell us what you really need to achieve and maybe we could find another, proper and working way as your idea is not the right approach
0
 

Author Comment

by:pdixit1977
ID: 39275195
Sorry for delayed reply.

@strivoli :
1. they belongs to backup operator.
2. i want to restrict them completely on c drive, no backup and no restoration.


@theruck:
we have several branch office and each office have their own local IT team of 1-2 guys. Backup will run from central backup ID which is being mantained by backup team.
Local IT will take care of all restorations to their particular sites but these guys are not very much familiar/technical with backup application hence we want to restrict them on c drive so that even by accident/mistake they dont crash anything.

Hope i explained it, please let me know if you need anymore information.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 14

Assisted Solution

by:theruck
theruck earned 125 total points
ID: 39275663
to be able to restore they need to have filesystem rights. the user profiles reside in the C:\ drive by default. i think you will need to build a trust in your IT stuff at branches or teach them how to do it. i can not see a way how you would secure your data from IT stuff mistake.
it is even in the documentation of networker as a first restore step

To recover the NetWorker client or storage node data:
1. Log on to Windows with local administrator privileges.

that says it all i think.
also keep ion mind that persons dealing with company data need to be trained and trusted as if you have access to a backup server you have access to all the data backed up (in general)
0
 
LVL 19

Accepted Solution

by:
strivoli earned 125 total points
ID: 39275968
Backup Operators can access any file (for backup and restore operations) by design. Your only chance is:
a. Assign the account to (only) a newly created group (call it "Demoted Backup Operators"),
b. Deny access to C: to the account only,
c. Allow access to other logical disks (such as D:?) to the account only in order to let him perform backups and restores.
0
 

Author Closing Comment

by:pdixit1977
ID: 39291909
thanks
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now