As mentioned previously, you must be a local administrator or backup operator to perform backups and restores on local computers. Likewise, if you're an administrator or backup operator on a domain controller, you can back up any file and folder locally on any computer in the domain. However, if you aren't an administrator or backup operator, you must be the owner of the files and folders that you want to back up, or you must have NTFS permissions for the files and folders you want to back up. One last method worth mentioning is to grant the person who performs backups or restores the Backup Files and Directories right. Tape Security and AccessBy default, the Windows Server 2003 Backup application provides no restrictions to the backup sets or files. You can restrict access to a backup file by selecting Allow Only the Owner and the Administrator Access to the Backup Data in the Backup Job Information dialog box. If you select this option, only an administrator or the person who created the backup file will be able to restore the files and folders. NTFS File PermissionsNTFS file permissions are written to tape along with the files. They're primarily used for restoring and do not restrict access to the files on the tape. The computer name and username information are stored in the tape header. If you enable the Allow Only the Owner and the Administrator Access to the Backup Data check box, the tape is designated as a secure tape. Only the creator, owner, backup operator, administrator, and users with the Backup Files and Directories right are allowed to read, write, and access the tape. If you do not use data encryption, the tapes are not truly secure and should be physically secured in an offsite location if you need to protect sensitive data. Configuring Advanced Restore OptionsTo configure advanced restore options, perform the following steps:
The Advanced Restore options are listed along with a brief description of what each option does in Table 5.1. Table 5.1. Advanced Restore Options
|