hi Veeam CommunityI have a backup server that uses the drives in the backup server as a repository, and the backup server works as a workgroup. I want the permissions on these drives to be only for the veeam service.I want to do this for more security.My question is whether such an idea is good?If it is good, what permissions should I give to these drives?
Solved
Restricting Permissions on Repository Folder for more security
Best answer by Link State
Hi
yes it is a good idea follow these BPs
greetings
Windows Backup Repository - Veeam Backup & Replication Security Best Practice Guide
And
Hardening Veeam 12 Server: the definitive checklist | Veeam Community Resource Hub
+11Hi
yes it is a good idea follow these BPs
greetings
Windows Backup Repository - Veeam Backup & Replication Security Best Practice Guide
And
Hardening Veeam 12 Server: the definitive checklist | Veeam Community Resource Hub
Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
+20As per the User Guide, you need to give Read/Write permissions (See SMB Share section). But, not sure doing so poses any benefit. Anyone who gains access to the VBR server could potentially wipe the files anyway, regardless if you give explicit permissions or not.
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
+20Nice info from the BP guide
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
+21Follow the advice above, however, be very careful when playing with permissions cause if not done correctly you can cause a world of pain trying to fix them. I would look at the Best Practice stuff and implement roles and MFA on the server.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+11ye thx
Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
+20Chris.Childerhose wrote:
Follow the advice above, however, be very careful when playing with permissions cause if not done correctly you can cause a world of pain trying to fix them. I would look at the Best Practice stuff and implement roles and MFA on the server.
My concern as well. Good advice!
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
coolsport00 wrote:
Nice info from the BP guide
Me too
Thanks Link State
+11coolsport00 wrote:
As per the User Guide, you need to give Read/Write permissions (See SMB Share section). But, not sure doing so poses any benefit. Anyone who gains access to the VBR server could potentially wipe the files anyway, regardless if you give explicit permissions or not.
Hi
Just to add to this, It seems that your Repository is on the same VBR server, you will not be meeting the best practice and an error will be displayed on the “Security and Compliance” wizard.
Veeam recommends placing the repository server(s) in a restricted area, because they contain 100% copy of your prod env and MUST be physically secured and have appropriate access control systems in place which you desire!
[Microsoft MVP | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.