cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

How to leverage Backup Exec's Remote Console

CraigV
Moderator
Moderator
Partner    VIP    Accredited

on ‎11-06-2009 02:12 AM

We've gone through a process of removing all our site reps from the Domain Administrators group. The main issue for this was a security requirement to not allow them to have too much power. No sense in having them break anything on our servers to test our DR recovery capabilities.
The big question then was what to do in order to get the site reps to check their site server backups without having them log onto the server. Enter Backup Exec's Remote Console.
This allowed us to have the site rep log onto their Backup Exec server instance without logging onto the server directly. They were then able to do what they needed to do in order to check backups, respond to any issues, and as a result, log calls based on that. That would mean they would also have rely on logging onto their instance, instead of waiting for job logs, meaning faster responses.
The Backup Exec Remote Console was set up to run off their laptop/desktop using a universal service account. Doing this meant management of 1 account that would be granted the necessary rights to the server and each instance of BEWS, instead of multiple accounts.
First off, a service account was created in Active Directory which had the necessary rights. Once done, this service account was added as a user on each Backup Exec server.
From there, the site reps were directed to install the Remote Console on their respective workstations as follows:

1. Browse to the installation directory, and launch Browser.exe from the installation location for the site (already pre-populated and shared for them) and click Next.
2. Choose "Start the Backup Exec Installation", and click Next.
3. Click Next, accept the License Agreement, and click Next again.
4. At the Symantec Backup Exec for Windows Servers Install Menu, make sure Local Install is selected, and Install Remote Administration Console Only will be the only option available under that. Click Next.
5. Leave the Destination Folder as is for the installation path, and click Next.
6. Choose Install.
7. Click Finish after deselecting the other options when the installation completes.

Not many people either know about this functionality, or use it. It has the major security advantage of not having direct logons onto your server which could open up all sorts of issues if someone pushes the incorrect button for example.
The interface is exactly the same as Backup Exec's, so there is no extra learning curve needed, and it has the same functionality as if you logged directly onto the server first.
It is a really great part of Backup Exec, which makes life a lot easier when managing your server. Furthermore, if you don't have the license for CASO, you can use this Remote Console to log onto any Backup Exec servers in your environment.
Administration just got easier...
Comments
Chonny
Not applicable
‎12-02-2009 10:37 AM
Thanks - that will be useful for me, even though I do have a server Admin login, as it will save me from having to RDP to the server!
CraigV
Moderator
Moderator
Partner    VIP    Accredited
‎12-17-2009 12:19 AM
=)

Yeah, it works very well...my main problem now being to get these site reps to actually use it, instead of me still continuing to hold their hands!
RHKing
Level 3
‎04-28-2011 05:45 AM

You Rock CraigV!

Would this also work if you added them as a Guest to further restrict their capabilities?

CraigV
Moderator
Moderator
Partner    VIP    Accredited
‎04-28-2011 06:39 AM

I personally haven't tried that, but it's worth a go. You can;t do any harm with that, and if it doesn't work, simply move them into a group with the next highest permissions on the local server...

TheoGeerman
Not applicable
‎12-18-2012 11:32 AM

Hi There, I have a question please. 

I have a user named Curt, he is a regular user in the AD, which rights should I give him in order for him to be able to bu autenticated by BE as a backup user which can stop a runing backup that must be stoped and also if he need to verify if a job has succesfully ended?

I will apreciate your help

Kind Regards, 

Theo

akaw
Level 4
‎02-11-2013 01:11 AM

Hi Craige,

 

Small questions,

Whe do I install the Browser.exe? in Back exe server or in particular desktop? 

Thanks 

CraigV
Moderator
Moderator
Partner    VIP    Accredited
‎02-11-2013 06:54 AM

...doesn't matter. You can install the RC from there. browser.exe brings up a splash screen from where you can make your selection!

akaw
Level 4
‎02-14-2013 01:24 AM

Hi,

 

There's no brower.exe in installation directory, any link to download? 

CraigV
Moderator
Moderator
Partner    VIP    Accredited
‎02-14-2013 02:01 AM

...check in the root of the ISO/DVD...the exe there launches the installation. Used to be browser.exe, but might have changed!

akaw
Level 4
‎02-14-2013 02:07 AM

thanks!!!! 

RygarVoltron
Level 3
‎10-25-2013 08:06 AM

This wont work on a Windows XP machine I just found out.

CraigV
Moderator
Moderator
Partner    VIP    Accredited
‎10-26-2013 07:31 AM

...well, which version of BE? And what is the issue?

Thanks!

tcarder
Not applicable
‎01-09-2014 07:54 AM
Thank you for the good advice. This post is referenced in almost every post on this site that relates to giving access to non-domain admin users, so it must be authoritative on this topic. I am failing to understand one part of the original post: "The Backup Exec Remote Console was set up to run off their laptop/desktop using a universal service account." I don't see a Windows service for Symantec/Backup Exec after installing the Remote Console on a desktop computer. Please advise. Thank you in advance for your help. I appreciate it. ===== I found the answer to this question myself. Each time you launch the remote console on a computer, it prompts you for logon credentials for the media server (servername/username/password). The problem with this is that I want helpdesk users to be able to use this console, without giving them access to a domain admin account credentials. I wished these credentials could be saved somewhere on the local computer so that the helpdesk users are not prompted. Symantec needs to implement RBAC soon.
BackupDawg
Level 4
‎03-11-2014 05:20 AM

"First off, a service account was created in Active Directory which had the necessary rights. Once done, this service account was added as a user on each Backup Exec server."

C.V. - did you have to give the account in AD any special permmisions? (logon local etc)

 

cheers

 

 

CraigV
Moderator
Moderator
Partner    VIP    Accredited
‎03-11-2014 05:29 AM

Hi,

 

Nope, it was a standard account. I made it a member of the Local Admins group on the media server only. Backup Operators group doesn't seem to have the necessary rights to do what I needed the site reps to do.

Thanks!

BalaP
Level 3
Partner Accredited Certified
‎04-25-2014 09:45 PM

Hi Craig,

 

Thanks for sharing...

 

Regards,

CraigV
Moderator
Moderator
Partner    VIP    Accredited
‎04-26-2014 04:15 AM

...I hope it helps!

Thanks!

pxtian
Level 4
‎11-23-2014 12:22 PM

Hi CraigV,

I have done this recently and so far it works. My only other concern is the licensing. Will this require a separate license? This remote console will be used by about 3 people. Thanks.

Version history
Last update:
‎11-06-2009 02:12 AM
Updated by:
Moderator