Backup Operator Priv's ?

  • Thread starter Thread starter - Bob -
  • Start date Start date
B

- Bob -

I need to have a user who is allowed to backup _all_ files to tape...
but the user does not have priv's to all the files on the drive(s).

If I add the user to the Backup Operator group:

- can they backup all files?
- have I given them priv's that might allow them to see files
that they are not authorized to (assuming they don't hijack
the backup tape and load it elsewhere).

Thanks,
Bob
 
Hi Bob.

See the link below. Backup Operators can change the ownership of files and
folders when restoring them which could potentialy give a malicious user
access to files they should not access. If the backup operators is removed
from the user right for restore files and directories thery could not do
that and only be allowed to backup the files which would require an
administrator to restore the files. --- Steve

http://www.microsoft.com/resources/...erver/reskit/en-us/distsys/part5/dsgappd.mspx
 
Back
Top