7 management server administrator rights, 3 communication between acronis backup components – Acronis Backup for Windows Server Essentials - User Guide User Manual
Page 345
345
Copyright © Acronis International GmbH, 2002-2014
Acronis Centralized Admins
A user who is a member of this group is a management server administrator. Management
server administrators can connect to the management server by using Acronis Backup
Management Console; they have the same management rights on the registered machines as
users with administrative privileges on those machines—regardless of the contents of Acronis
security groups there.
To be able to connect to the management server remotely, an administrator of the management
server must also be a member of the Acronis Remote Users group.
No user—even a member of the Administrators group—can be an administrator of the
management server without being a member of the Acronis Centralized Admins group.
By default, this group includes all members of the Administrators group.
Acronis Remote Users
A user who is a member of this group can connect to the management server remotely by using
Acronis Backup Management Console—provided that the user is also a member of the Acronis
Centralized Admins group.
By default, this group includes all members of the Administrators group.
On a domain controller
If a machine is a domain controller in an Active Directory domain, the names and default contents of
Acronis security groups are different:
Instead of Acronis Remote Users and Acronis Centralized Admins, the groups are named
DCNAME $ Acronis Remote Users and DCNAME $ Acronis Centralized Admins respectively; here,
DCNAME stands for the NetBIOS name of the domain controller. Each dollar sign is surrounded
by a single space on either side.
Instead of explicitly including the names of all members of the Administrators group, the
Administrators group itself is included.
Tip: To ensure proper group names, you should install Acronis components in a domain controller after you have
set up the domain controller itself. If the components were installed before you set up the domain controller,
create the groups DCNAME $ Acronis Remote Users and DCNAME $ Acronis Centralized Admins manually, and
then include the members of Acronis Remote Users and Acronis Centralized Admins in the newly created groups.
15.1.2.7 Management server administrator rights
Normally, the Acronis Backup Management Server administrator operates on a registered machine
on behalf of the Acronis Managed Machine Service (also known as the Acronis service) on that
machine and has the same privileges as the service has.
Alternatively, when creating a centralized backup plan, the management server administrator has
the option to explicitly specify a user account under which the centralized backup plan will run on the
registered machines. In this case, the user account must exist on all the machines to which the
centralized backup plan will be deployed. This is not always efficient.
To be a management server administrator, the user must be a member of the Acronis Centralized
Admins group on the machine where the management server is installed.
15.1.3 Communication between Acronis Backup components
This section describes how Acronis Backup components communicate with each other using secure
authentication and encryption.