Getting the non-administrator client recovery working in DPM 2010

March 11, 2011 at 8:47 am in Uncategorized by mikeresseler

As said in a previous post, with the latest QFE, it is now possible to give your end-users the possibility to recover data from the DPM server through the DPM Client UI, without them being local administrator on their machine.

This is a feature that many administrators wanted, and now it is finally there.

So after installing the QFE on my environment, I started to test this out.

Now here is the first catch…

There is a mistake in the documentation of the KB.  It states the following:

The administrator of a client computer has to set the name of non-admin users who have permissions to perform end-user recovery of protected data of a client computer.  To do this, the administrator must add the following registry key and value for each of those non-admin users

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection and then create a new key called ClientOwner as REG_MULTI_SZ

So first thing is browse to that hive


Second thing was inserting the new registry key


When I couldn’t get it working, I wrote an email to the product team and also digged in to the log files.  There it clearly stood that the key needed to be ClientOwners with an S at the back.

PS: REG_MULTI_SZ = Multi-String Value


I changed that, but it still didn’t work as I expected.  Luckily, the product team replied very fast (thank you Venkat!) and gave me the naming convention to use for placing the non-admin users in that key. (which I had wrong also ofcourse…)

The convention is: DOMAIN\Username



And if you want multiple non-admin users in that registry, then you need to use DOMAIN\Username, DOMAIN\Username2


When that was done, I rebooted the windows computer, waited until a backup was taken and then it worked:



Next post will go deeper into the Client protection



Update: Thanks to Alex Smits, who saw I had the wrong QFE link…