none
Allowing a User to swap external Server Backup drive RRS feed

  • Question

  • There was a question on this 8 years ago but it was never satisfactorily answered.

    A customer wants an employee to be able to swap out the external (USB) Windows Backup drive, instead of requiring a senior person with Administrator privileges (e.g., the boss doesn’t want to stay late every Friday to do the swap; but doesn’t want to give Administrator privileges to junior users). 

     

    It would be very dangerous to have the person just yank the drive out without first logging in and Eject Media.  Even when you do the Eject Media, the server takes a long time of machinations to finally say it is safe to remove.

     

    I would expect that putting that person’s User account into the Backup Operators group would give them the ability to Eject Media, but it seems that it doesn’t.  Isn’t the most likely routine action of a Backup Operator to swap external drives?

     

    The policy setting “Devices: Allowed to format and eject removable media” would seem to be the problem, solved by changing the setting to allow Interactive Users.  But that doesn’t seem to be the solution. 

     

    Their server is 2012 Server Essentials R2, although I expect the same solution as regular Server (unfortunately.  The advantage of Essentials is that you should not have to dig into the bowels of Server where any change can easily have unintended consequences).

     

    Is there a good way to solve this issue?  Thanks.

     


    Peter

    Thursday, August 8, 2019 7:16 PM

All replies

  • Hi,

    Thanks for posting in our forum!

    Can I know why we need to change external backup drives frequently? Is it because we need to backup copies to different external drives every week?

    If that's the case, instead of replacing the drive, we can set up multiple backup tasks in task scheduler, such as backing up Monday's copy to external drive 1 and Tuesday's copy to external drive 2.

    If you are using a third-party backup tool, please contact the manufacturer to ask if support such a solution.

    In addition, I recommend that you discuss with the experts here at Essential Forum:

    https://social.technet.microsoft.com/Forums/en-US/91d124dc-d4bb-4906-adee-aeaa68b8ec0b/client-backup-backup-database-issues?forum=winserveressentials

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 9, 2019 6:38 AM
    Moderator
  • The frequency I mentioned is once a week.  For many businesses, I have found that to be a minimum.

    I am using regular Windows Server Backup.

    Every business that I set up, I use this swap method as the best way to do one of their server backups (a disaster recovery).  It has saved me (more so the customer) on several occasions.  I tell them that they cannot consider it a backup unless it is removed from the server and put in a safe place such as off site.  This is the only way to ensure against fire, flood, theft, pestilence, malware, ransomware, etc.  I don't see how that can be achieved if the backup is left plugged into the server.

    I was just called in to help a business that I did not set up and as such did not have this kind of backup (only had cloud backup).  They got hit by ransomware.  It was sad to see.  If it was a customer that I had setup with my above method, I would have them back up and running a little later the same day.

    As it was, eventually a large ransom was paid to get running again in a viable time.

    In an interesting side point, one workstation had a connected external drive to provide a local data backup using Windows 10 File History.  The ransomware encrypted all that.  But there was a Windows 7 Microsoft Backup that did not get encrypted, which we were able to fully recover (of great immediate benefit to the customer).

    The link you provided is to a question I submitted two years ago, for which no actual resolution has yet been found.

    Since my question here applies to any server, or even could apply to any version of Windows, I was hopeful of getting a resolution from this forum.

    Thank you,

    Peter


    Peter

    Friday, August 9, 2019 9:17 PM
  • Hi,
    I am sorry that this issue still hasn't been resolved. I need some time to do more research, i will update as soon as possible if i have any progress.

    Thanks for your understanding!

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 13, 2019 2:22 AM
    Moderator
  • Hi,
    I am sorry that this issue still hasn't been resolved. I need some time to do more research, i will update as soon as possible if i have any progress.

    Thanks for your understanding!

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Actually, I have been able to achieve the desired result in another server: A Backup Operator was able to Eject Media (without any other settings changes).  So maybe it only is an issue in certain situations.

    I have only been able to find a generic list of what permissions Microsoft gives to the Backup Operators group.  Is there somewhere where the exact permission differences are between Backup Operators and regular Users?

     

    Peter

    Thursday, August 29, 2019 9:20 PM
  • Something in here might be helpful:

    https://www.backup4all.com/what-are-backup-operators-kb.html


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 30, 2019 2:25 AM
    Moderator