Solved: Backing up user directories

pkluss · ‎10-21-2008

I haven't been able to get an answer that I'm comfortable with from phone based tech support, so I'm appealing my case to the masses.

My question has to do with backup user profile directories and user home directories. Our environment is designed to secure the contents of a user's profile and home directory from all access except their own. This means as a domain administrator that I cannot even view the contents. In a pinch I can take ownership of the folder and assign myself permissions, but that's beside the point. The only accounts that have access are the user account and the SYSTEM account.

What credentials does Symantec Online Backup use to access files and folders during backups? Tech support assured me that it was the account that I used to install the agent. I don't actually believe it and suspect that it is the SYSTEM account. I found the service called "Symantec Protection Network Backup Agent" and it says it runs under the "Local System" account. I believe that means I'm correct and that it will successfully back up the files in the user directories, but I might be mistaken.

Can anyone give me a definitive answer here?

Ted_Migdal · ‎10-21-2008

I apologize for your difficulties in finding an acceptable solution to your question. Perhaps this issue requires a bit of discussion. So first of all, yes our agent runs as the local system account and as such has access to all files and folders on the device. With that being said, any user being granted the ability within our web portal to perform a backup or restore would have access to all the files on the device.

We must also keep in mind that currently our agent does not support backing up network drives, so if these users are accessing their data via network shares, installing our agent on each workstation to backup the user data would not be an option.

I can appreciate your security concerns and it seems that in this case the only option may be for you to manage the backup and restore policies yourself and provide no access to the individual users.

I'm hesitant to throw out one last work around to your scenario, assuming I'm understanding it correctly, but NTFS folder encryption may be an option. The user data would be visible to all users but not accessible without the key, which only you and each user should know.

View solution in original post

Ted_Migdal · ‎10-21-2008

I apologize for your difficulties in finding an acceptable solution to your question. Perhaps this issue requires a bit of discussion. So first of all, yes our agent runs as the local system account and as such has access to all files and folders on the device. With that being said, any user being granted the ability within our web portal to perform a backup or restore would have access to all the files on the device.

We must also keep in mind that currently our agent does not support backing up network drives, so if these users are accessing their data via network shares, installing our agent on each workstation to backup the user data would not be an option.

I can appreciate your security concerns and it seems that in this case the only option may be for you to manage the backup and restore policies yourself and provide no access to the individual users.

I'm hesitant to throw out one last work around to your scenario, assuming I'm understanding it correctly, but NTFS folder encryption may be an option. The user data would be visible to all users but not accessible without the key, which only you and each user should know.

VOX

Backing up user directories