Getting the non-administrator client recovery working in DPM 2010
As said in a previous post, with the latest QFE, it is now possible to give your end-users the possibility to recover data from the DPM server through the DPM Client UI, without them being local administrator on their machine.
This is a feature that many administrators wanted, and now it is finally there.
So after installing the QFE on my environment, I started to test this out.
Now here is the first catch…
There is a mistake in the documentation of the KB. It states the following:
The administrator of a client computer has to set the name of non-admin users who have permissions to perform end-user recovery of protected data of a client computer. To do this, the administrator must add the following registry key and value for each of those non-admin users
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection and then create a new key called ClientOwner as REG_MULTI_SZ
So first thing is browse to that hive
Second thing was inserting the new registry key
When I couldn’t get it working, I wrote an email to the product team and also digged in to the log files. There it clearly stood that the key needed to be ClientOwners with an S at the back.
PS: REG_MULTI_SZ = Multi-String Value
I changed that, but it still didn’t work as I expected. Luckily, the product team replied very fast (thank you Venkat!) and gave me the naming convention to use for placing the non-admin users in that key. (which I had wrong also ofcourse…)
The convention is: DOMAIN\Username
And if you want multiple non-admin users in that registry, then you need to use DOMAIN\Username, DOMAIN\Username2
When that was done, I rebooted the windows computer, waited until a backup was taken and then it worked:
Next post will go deeper into the Client protection
Cheers,
Mike
Update: Thanks to Alex Smits, who saw I had the wrong QFE link...