none
Restricting view/restore access to protected data RRS feed

  • Question

  • I'm using DPM 2012 in my home network and it works very good so far. I'm really missing a feature to restrict access to data from client computers. Right now, all domain admins can view everyone's private data in the admin console. Is it somehow possible to, say, restrict access to data from certain protection groups or clients to those users that have admin access on those clients, or something similar? Right now, nobody can give themselves access to view data on someone else's workstations without them noticing, but this is not the case with DPM.

    (I am aware that domain admins can basically change anything I restrict, unless I remove rights to do that as well. I'm not looking for an airtight solution, just want to prevent access from within the DPM management console, preferably without removing acess to it altogether.)

    Right now I see no other option than to use DPM for servers and third party software for workstations. Any suggestions on how to avoid having to do that are very welcome. Thanks!




    • Edited by RandomN Thursday, May 31, 2012 11:17 PM
    Thursday, May 31, 2012 11:11 PM

Answers

  • I'm using DPM 2012 in my home network and it works very good so far. I'm really missing a feature to restrict access to data from client computers. Right now, all domain admins can view everyone's private data in the admin console. Is it somehow possible to, say, restrict access to data from certain protection groups or clients to those users that have admin access on those clients, or something similar? Right now, nobody can give themselves access to view data on someone else's workstations without them noticing, but this is not the case with DPM.

    (I am aware that domain admins can basically change anything I restrict, unless I remove rights to do that as well. I'm not looking for an airtight solution, just want to prevent access from within the DPM management console, preferably without removing acess to it altogether.)

    Right now I see no other option than to use DPM for servers and third party software for workstations. Any suggestions on how to avoid having to do that are very welcome. Thanks!




    Hi Random,

    What you are looking for is not possible with DPM as of yet. DPM 2012 does have role based access for admins via SCOM. This is task based security only. For example a user could be locked out from being able to recover data but could still view the data.

    The built in security roles that DPM 2012 comes with are: Read-Only User, Recovery Operator, Reporting Operator, Tape Operator and Tape Admins.

    My Blog | www.buchatech.com | www.dpm2010.com

    If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!


    Friday, June 1, 2012 2:12 AM
    Moderator