Answer the question
In order to leave comments, you need to log in
Correct permissions on the Windows archive?
Good day
Due to the fact that ransomware perfectly mounts all connected devices, a question arose about the rights to them.
I want to set up a backup with maximum protection against ransomware at the level of disk rights.
1. How to back up correctly: on a disk for archives or on a volume?
2. How to correctly distribute the rights to the disk / volume with the backup?
Win Server 2008 R2 Std
UPD1:
This "Archive Only Drive" can be assigned a letter, which ransomware successfully does.
The question is the difference between the backup - is it in these two ways?
3. How to configure from under whom to make this backup?
4. What to give him rights to copied discs?
Answer the question
In order to leave comments, you need to log in
Experimented. Bottom line: The
backup is done on behalf of the "system", everyone else can access the disk / volume / folder with the backup.
The same "system" has access to all drives by default.
The difference between "Disk for archives" and "Volume for archives" is the ease of use of the first option and the convenience of the second for, say, a file dump of unnecessary files.
The correct backup is done a little differently: We put a
separate computer for backup. Under a normal operating system - I recommend FreeBSD, there are practically no viruses under it; you can take a NAS. Windows will either 'share' the folders that need to be backed up; or has a backup agent. Then the backup machine itself pulls the necessary data onto itself. Windows basically does not have the ability to write to a backup machine.
There is another option:
Install Linux. Inside we put a virtual machine, Windows on it. As necessary, data from Windows is backed up to the host system, and again, Windows, in principle, does not have the ability to write to where the backups are stored, everything is written by the host.
The rights to write, change, delete only for the user Backup
This user should not be an administrator, and no programs other than backup should be run on behalf of this user.
Everyone else, especially administrators, should not have permission to write, modify, or delete archives.
1. How to back up correctly: on a disk for archives or on a volume?The difference is not entirely clear. In general, the system works with volumes - a letter is assigned to a volume. In principle, you can write data to a volume without a letter, but how you will work with the disk is not clear. It already needs special software.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question