Settings can be changend in client - but prohibited

werner2013 · September 13, 2013, 4:16pm

hy, i tried Server Version 1.2.4
Client 1.2.1

I have disabled that the client user can change his settings - but after every reebot it is possible to change some settings for some minutes. I think this is not really good.
One scenario where i can think taht this can make troble is the following.
System adminstrator has a server and many domain users.
Everybody has only one Computer - so the admin adjusts the settings so that every user profile will be backed up.
PC1: For user1 c:\users\user1 will be backed up
PC2: For user2 c:\users\user2 will be backed up

Every user has access to the Backup files via Browser - Ok
Now user 2 want’s to have access to some admin files on the desktop from the adminstrator (c:\users\superadmin
All the user has to do is to restart the computer - change the settings to backup the complete c:\users folder - and then he has just to wait for next backup to restore some files where he hasn’t access before !
I recomend that the ACL should also be backed up - on windows robocopy is able to do this easily.
I don’t know how urbackup works internaly - but with robocopy - long pathnames and special characters are no problem.
Even when the Windows Explorer can’t read the folder or the file - robocopy is able to copy that content.

Please think of it - maybe we loose the file access via browser -because the rights management is complicated

Normaly in a Domain environment - many users have access to the same computer - so the admins must restrict the wrongful restore possibilities.

Kind regards werner

uroni · September 18, 2013, 9:37pm

I think I removed that period where you can set the paths (still have to test, though). ACLs are kind of a problem. I think it would be doable to save them and restore them (once there is a restore option via client). Acessing them in a platform independent way to make certain web interface users unable to browse to some paths, however, would be kind of difficult.

werner2013 · September 19, 2013, 8:32am

Hy, i think the easiest way to avoid security problems is to change the default behavior in a way that ony adminsitrator can change the paths on client computers.
Admins allready has access to every folder - so this is the “quick fix” i think.

kind regards

tjohnson1989 · October 18, 2013, 7:11pm

I am not sure what do you mean are you referring to the client changing the settings via the tray icon? if thats the case in a domain enviorment your best option is to remove the tray icon from all workstations and manage everything via the web browser. Then with the web browser only allow each user logons to see there computer and as of right now do not allow them access to the settings tab to better secure your network.