12-07-2011 06:31 AM
Hello. I have to delegate the administration of the backups to other users, but without giving them excessive permissions.
Currently the user that performs the backups is a domain admin.
How do I define another user in BE without giving it administrative permissions on the servers?
That is, the user should be able to manage the console completely (remote, installed on their PC), but the backups should still be performed with the user that Backup Exec already has as its system account. The user must also be able to create new jobs.
So far what I did was: I created a new "logon account" in BE, which matches the Active Directory user, as restricted.
When the user tries to connect to the BE server (with the remote console), it gives an error saying that access is denied.
I am using BackupExec 2010 R3 with the latest fixes, on Win 2008 R2.
Thanks for the help.
Regards
Horacio (from Uruguay)
12-07-2011 06:45 AM
These are the min requirements for a BESA - http://www.symantec.com/docs/TECH36718
12-07-2011 06:47 AM
Hi,
You can read my article below for further information on this...
https://www-secure.symantec.com/connect/articles/how-leverage-backup-execs-remote-console
Thanks!
12-07-2011 06:49 AM
...the OP would like other users to log on but not have all the rights to BE!
12-07-2011 06:56 AM
I understand that...however, the OP also wants these users to also create new backup jobs... (at least this is what Google Translate also translated for me, else I might be wrong...hence, posted the BESA requirements)
12-07-2011 07:10 AM
Based on TECH36718, the user must be a domain admin or backup operator.
The user belongs to the backup operator group...but...when trying to connect to the BE server using the remote console..the error "access denied" appears.
The user in AD and BE is the same...the pwd too.
12-07-2011 07:17 AM
VJWARE..I need to delegate backup/restore job tasks to another group without delegating domain admin rights.
I've installed the remote administrative console on their computers, but when they try to connect to the BE server.."access denied" error appears.
Is it possible to define a user to access the BE server while the jobs still run with another user (domain admin)?
Thanks, and forgive my English errors..8(
12-07-2011 07:24 AM
Check if this user has the "log on locally" right on the BE media server....Also, try to launch the Remote Admin console in elevated mode using "run as"..
Also, as I understand, you are trying to use the BE logon account for the remote admin console as well, right ?
12-07-2011 07:41 AM
There used to be an add-on called ExecView that would allow non-administrators to view jobs and alerts and to respond to alerts.
That disappeared a long time ago (v11d?)
Head over to the Ideas page and find the post and give that a "thumbs up". We may not see an equivalent, but you never know . . . .
12-07-2011 08:53 AM
VJware..yes, it's true...I'm using the BE logon account in the remote console too. Using elevated mode is not a possibility because the users must log in using their own user-id and pwd..
I'll check whether the user can "log on locally" on the BE server
12-07-2011 09:05 AM
Ken, hello.
The problem is that it is not enough to view jobs and alerts...I need these people to be able to create jobs too.
The idea is to delegate backup/restore tasks to another group without giving elevated rights in the network.
In the future, backup/restore tasks must be performed by the "Operations" group...no longer by the "infrastructure" group.
If I put the user in the "domain admin" group..it works!!!...but...NOOOOO....NEVERRRRRRRR...8)
Thank you.
12-07-2011 09:38 AM
VJware...I put the user in the local backup operator group on the BE server.
Apparently it worked...I'll wait till tomorrow to try using their user-id because..they are gone
Thanks
12-07-2011 12:27 PM
Hmmm
Well, if you create a group that has Local Admin rights on the media server, then they could create jobs, but they would have all other Admin rights to that computer itself, too
I doubt that Symantec will ever grant non-Admins the rights to Create or Modify jobs
If you can make a business case for this, go ahead and post it to the Ideas area and we may see it in a future release
12-08-2011 08:32 AM
Ken,
I added the user to the local "Backup Operators" group on the BE server and it works. Thanks.
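
The fix reported in this thread, as an added example that is not part of any poster's reply: a PowerShell script for the BE media server that grants the delegated account only local Backup Operators membership and then confirms it is not a direct local administrator. The domain `EXAMPLE` and account `backup.operator` are placeholders, and the script assumes English group names and an elevated session.

```powershell
# Added example (not from the thread). Run elevated on the BE media server.
# 'EXAMPLE' and 'backup.operator' are placeholder names, not from the thread.
param(
    [string]$Domain = 'EXAMPLE',
    [string]$User   = 'backup.operator'
)

# Return the ADsPath of every direct member of a local group.
function Get-LocalGroupMemberPath([string]$GroupName) {
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

$target = "WinNT://$Domain/$User"

# Grant only the local Backup Operators membership, if not already present.
if (@(Get-LocalGroupMemberPath 'Backup Operators') -notcontains $target) {
    $operators = [ADSI]"WinNT://$env:COMPUTERNAME/Backup Operators,group"
    $operators.psbase.Invoke('Add', $target)
    Write-Output "Added $Domain\$User to local Backup Operators."
}

# Least-privilege check: the delegated account must not be a direct member
# of local Administrators. Nested membership (for example through Domain
# Admins) is not expanded here and has to be reviewed in Active Directory.
if (@(Get-LocalGroupMemberPath 'Administrators') -contains $target) {
    Write-Warning "$Domain\$User is a direct member of local Administrators."
    exit 1
}
Write-Output "$Domain\$User is in Backup Operators and not a direct local admin."
```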