Backup questions

EssendonEssendon Member Posts: 4,546 ■■■■■■■■■■
1. Question at end of chapter 7 (Backup) of the 70-290 MS Press Book: (I reworded it a little)

Question : Scott Bishop is a power user at a remote site. You want Scott to be able to backup and restore files to the remote location without him having to call you for help, but restrict his ability to strictly backup and restore. What is the best practice for giving him this right so that he has minimum access to anything else.

Answer: Make him a member of the Backup Operators group. Backup Operators by default have the ability to restore and backup files.

Now, while making him a member of the Backup Operators group does give him the right of backing up and restoring data, regardless of any permissions that protect those files. They can also log on to and shut down the computer and the group membership also gives him the ability to connect to hidden admin shares. Isnt the MS answer giving the user some additional privileges ??

2. MS Press says if you are not an administrator or a backup operator, and you want to back up files, then you must be the owner of the files and folders that you want to back up and have Read permissions of the files you want to backup. Also you must have Write permissions to the folder you want to backup the file/folder to.

Reading through TechNet,
However, if you are not an administrator or a backup operator, and you want to back up files, then you must be the owner of the files and folders that you want to back up, or you must have one or more of the following permissions for the files and folders you want to back up: Read, Read and execute, Modify, or Full Control.

TechNet says you must have Modify access for the files/folders you want to backup. I am icon_confused.gif Please help.
NSX, NSX, more NSX..

Blog >> http://virtual10.com

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    I think you misread it. It looks like that means you can perform a backup with any of those, not that Modify is required.
  • EssendonEssendon Member Posts: 4,546 ■■■■■■■■■■
    Yupp, you are right dynamik, I did misread it. But what about my first question? Any thoughts on that?
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Sorry, I just glanced at it. I thought it was all the same question.

    I think it just demonstrates that you're going to have a hard time finding a perfect fit between privileges and responsibilities. Sure, he might have more than exactly what is needed to do his job, but is there a better fit? There's always going to be a trade off. Even if you could create a perfect group for what he has to do, that would increase administrative overhead and make your environment more complex. It might help to think of the question as asking what group could you make him a member of that gives him the least amount of additional privileges as opposed to which group would be a perfect fit.
  • EssendonEssendon Member Posts: 4,546 ■■■■■■■■■■
    I think you are right but the only thing that worries me is that the exam questions can have answer choices that can be an overkill. In the same breath, it occurred to me that making a user a member of the Backup Operators group would grant extra rights constituting an overkill. But you are right about tradeoffs and I guess I will have to make do with this option and hope that the Dan doesnt screw up the network and generate additional helpdesk calls and a hard time for us admins :)
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
Sign In or Register to comment.