Acronis Backup & Recovery 10 Advanced Workstation TIDLBPDES5 Manuale Utente
Codici prodotto
TIDLBPDES5
When creating the accounts, follow these guidelines:
•
For users whom you want to act as storage node administrators, add their accounts to the
Administrators group.
Administrators group.
•
For other users, add their user accounts to the Users group.
Additional right of machine administrators
A user who is a member of the Administrators group on a machine can view and manage any archives
created from that machine in a managed vault—regardless of the type of that user's account on the
storage node.
created from that machine in a managed vault—regardless of the type of that user's account on the
storage node.
Example
Suppose that two users on a machine, UserA and UserB, perform backups from this machine to a
centralized vault managed by a storage node. On the storage node, let these users have regular (non-
administrative) accounts UserA_SN and UserB_SN, respectively.
centralized vault managed by a storage node. On the storage node, let these users have regular (non-
administrative) accounts UserA_SN and UserB_SN, respectively.
Normally, UserA can access only the archives created by UserA (and owned by UserA_SN), and UserB
can access only the archives created by UserB (and owned by UserB_SN).
can access only the archives created by UserB (and owned by UserB_SN).
However, if UserA is a member of the Administrators group on the machine, this user can additionally
access the archives created from this machine by UserB—even though UserA's account on the
storage node is a regular one.
access the archives created from this machine by UserB—even though UserA's account on the
storage node is a regular one.
2.11.7.6. Management server administrator rights
Normally, the Acronis Backup & Recovery 10 Management Server administrator operates on a
registered machine on behalf of the Acronis Managed Machine Service (also known as the Acronis
service) on that machine and has the same privileges as the service has.
registered machine on behalf of the Acronis Managed Machine Service (also known as the Acronis
service) on that machine and has the same privileges as the service has.
Alternatively, when creating a backup policy, the management server administrator has the option to
explicitly specify a user account under which the centralized backup plans will run on the registered
machines. In this case, the user account must exist on all the machines to which the centralized policy
will be deployed. This is not always efficient.
explicitly specify a user account under which the centralized backup plans will run on the registered
machines. In this case, the user account must exist on all the machines to which the centralized policy
will be deployed. This is not always efficient.
To be a management server administrator, the user must be a member of the Acronis Centralized
Admins group on the machine where the management server is installed.
Admins group on the machine where the management server is installed.
2.11.7.7. Rights for Acronis services
In Windows, most Acronis components run as services. A service runs under an account—either a
user account, such as Administrator; or a system account, such as Local System.
user account, such as Administrator; or a system account, such as Local System.
A security best practice is to run each service under a dedicated user account which has only a
minimal set of user rights needed for that service.
minimal set of user rights needed for that service.
When installing a component that runs as a service, you can specify the account under which the
service will run—either a default account for the component, or an existing account.
service will run—either a default account for the component, or an existing account.
The following table shows the necessary user rights and the default names of the user accounts for
each component's service.
each component's service.
72
Copyright © Acronis, Inc., 2000-2009