Forum Discussion

molotov's avatar
molotov
Level 4
15 years ago

Delegating administrative privilege

Hello,

Can i delegate administrative privilegies of BackupEXEc for ActiveDirectory group\user?
If no, how can i give access to managing BackupEXEc without giving administrative rights on the windows server which is BE media server?

thanks
2010
Backup and Recovery
Backup Exec
Basics
Best Practice
Tip-How to
  • Colin_Weaver's avatar
    Colin_Weaver
    15 years ago

    Currently we don't really have role based administration - although it is being considered for a yet to be determined future version.
    You can enable some security using restricted acccounts - but this only limits the ability to change jobs using certain selection lists that need the restricted accounts, it does not limit the use of the console itself and will not stop a console user from say - doing a redirected restore of some data to somewhere they do have permissions so that they can access the data - although if you encrypt your data and restrict the encryption keys you can block some restroe functionality too.

    As there are other items that any console user can do / change, currently, you do have to trust your console users.

4 Replies

Sort By
  • Dev_T's avatar
    Dev_T
    Level 6
    15 years ago
    Hello,

    Backup Exec does not talk with AD. Backup Exec Service Account must be a member of Domain Admin group and we need to add the same credentials in Backup Exec and make it a System Account. If you change the password in AD you need to manually change the password in Backup Exec.

    Hope this helps...
  • molotov's avatar
    molotov
    Level 4
    15 years ago
    But a talk about administrative personnel. I need give access to BackupEXec for some users in IT department.
  • Dev_T's avatar
    Dev_T
    Level 6
    15 years ago
    You can add a NEW account in BE just as a user, the user account has limited rights on BE...
  • Colin_Weaver's avatar
    Colin_Weaver
    Moderator
    15 years ago

    Currently we don't really have role based administration - although it is being considered for a yet to be determined future version.
    You can enable some security using restricted acccounts - but this only limits the ability to change jobs using certain selection lists that need the restricted accounts, it does not limit the use of the console itself and will not stop a console user from say - doing a redirected restore of some data to somewhere they do have permissions so that they can access the data - although if you encrypt your data and restrict the encryption keys you can block some restroe functionality too.

    As there are other items that any console user can do / change, currently, you do have to trust your console users.