Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

how to enable/create user validation on backup exec 2010 console

Created: 26 Jun 2013 | 5 comments

Hi,

Please assist, I need to know if its possible to enable/create user validation on backup exec 2010 console (backup exec to prompt username and password before accessing the backup exec page/interface)

Operating Systems:

Comments 5 CommentsJump to latest comment

pkh's picture

If the BE logon account is not created by the Windows logon account, you would be prompted for the password when you try to use it.  For example, if BE logon account, User1 is created by Windows UserA and Windows UserB tried to use User1 to access the BE console, UserB would be prompted for the password for User1

Jaydeep S's picture

Edit: More better solution suggested by pkh hence removing my comments.

Nkadi's picture

@pkh, i have tried that and i can open BE without entering username and password

pkh's picture

I forgot to add to my previous answer that UserB must have less privileges than UserA.  If, for example, both UserA and UserB are both domain admins, then UserB would not be prompted for a password when he tries to use User1 to logon to the BE console.  If UserB is not a domain admin, then he will be prompted for a password when he tries to use User1.

If both users have the same privileges, there is nothing to prevent the other user from creating another BE logon account.  Using my example, if both UserA and UserB are domain admins and if it is possible to prevent UserB from using User1, there is nothing to prevent UserB from creating User2 to logon to the BE console and User2 would have the same privileges as User1.

CraigV's picture

Hi,

I checked on restricting the account...ideally this should ensure that once you try access BE, before it lets you in it asks for the password. It doesn't do this.

Ideas have been raised for a while now to get some sort of role-based security features incorporated into BE. This has been going on for years, and I have seen nothing come of it. Add in an Idea and see what happens.

The only other way around this is to remove the Domain Admins group from the Local Admins on the BE server, and add in only the BESA...this way you're restricting who can log onto the media server in the first place.

Thanks!

Alternative ways to access Backup Exec Technical Support:

https://www-secure.symantec.com/connect/blogs/alte...