hi Veeam CommunityI have a backup server that uses the drives in the backup server as a repository, and the backup server works as a workgroup. I want the permissions on these drives to be only for the veeam service.I want to do this for more security.My question is whether such an idea is good?If it is good, what permissions should I give to these drives?
Hi
yes it is a good idea follow these BPs
greetings
Windows Backup Repository - Veeam Backup & Replication Security Best Practice Guide
And
Hardening Veeam 12 Server: the definitive checklist | Veeam Community Resource Hub
Nice info from the BP guide
Follow the advice above, however, be very careful when playing with permissions cause if not done correctly you can cause a world of pain trying to fix them. I would look at the Best Practice stuff and implement roles and MFA on the server.
ye thx
Follow the advice above, however, be very careful when playing with permissions cause if not done correctly you can cause a world of pain trying to fix them. I would look at the Best Practice stuff and implement roles and MFA on the server.
My concern as well. Good advice!
Nice info from the BP guide
Me too
Thanks Link State
As per the User Guide, you need to give Read/Write permissions (See SMB Share section). But, not sure doing so poses any benefit. Anyone who gains access to the VBR server could potentially wipe the files anyway, regardless if you give explicit permissions or not.
Hi
Just to add to this, It seems that your Repository is on the same VBR server, you will not be meeting the best practice and an error will be displayed on the “Security and Compliance” wizard.
Veeam recommends placing the repository server(s) in a restricted area, because they contain 100% copy of your prod env and MUST be physically secured and have appropriate access control systems in place which you desire!
As per the User Guide, you need to give Read/Write permissions (See SMB Share section). But, not sure doing so poses any benefit. Anyone who gains access to the VBR server could potentially wipe the files anyway, regardless if you give explicit permissions or not.
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.