The support forum

Saved Credentials

mastershakes :

Aug 20, 2019

Just a heads up...I have been beating my head against the wall for the better part of a week on this.

Backstory - I have a Synology ds918 NAS.  It is used mostly as just a backup and since my work just had a VERY bad experience with some ransomware that encrypted the NAS backups (thank god we had cloud backups) I wanted to lock it down.  

I created a new "backup" user who would be the only user to have R/W perms; all the other users have either nothing or R/O.  I created the backup tasks in Bvckup and added the backup and credentials.

Initially it seemed everything was working as it should - R/O access for some of the users and the backups were running fine.

Every now and then I test the access privileges by trying to delete some files with my normal Windows account (I shouldn't be able to) and I was able to delete files.  WTF!!!

I turned off the RW perm for the backup user and then I could NOT delete anymore with my normal Windows account.  Very strange.   At this point I thought for some reason maybe Windows was remembering the credentials that Bvckup was using to run the backups.  So I changed Bvckup to run as a service so it wouldn't have access to my Windows session and it seems all is right with the world again.  Bvckup can back up and my local Windows account cannot access the shared folder.

Mostly just an FYI...but wondering if there is a setting in Windows and/or Bvckup to not remember credentials.

mastershakes :

Aug 20, 2019

Also, I never entered the backup user's credentials into Windows via the Windows credential dialog.  I checked the Credential Manager in Windows to make sure.

Also, it was strange: when I would access the share via the DNS name, my local Windows user was locked out (as it should be), but then accessing with the NAS IP address had full R/W privileges (WRONG).

I have the IP address in Bvckup.

Alex Pankratov :

Aug 20, 2019



There's no way to establish a share connection for a specific process only (similar to how it can be done for FTP, for example). The access granularity is that of a user session.

Add this to the fact that Bvckup 2 doesn't tear down the share connection once it's done with the backup, and you will indeed end up with the case when the share becomes accessible to the desktop user if the program itself is running under an interactive user account.

> So I changed Bvckup to run as a service so it wouldn't have access to my windows session and it seems all is right with the world again.

That's precisely how it should be set up to achieve what you are after - you switch bvckup2 process to run under a dedicated user account.
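
A check for the situation described in this thread, added here as an example (it is not from Bvckup 2 or from any of the posters): it lists SMB connections whose server-side credential differs from the Windows account that owns the connection. `Get-SmbConnection` is a built-in cmdlet; the function name `Get-ForeignCredentialSmbConnection` is hypothetical, and the sample rows and the `192.0.2.10` address are constructed.

```powershell
# Added example: find share connections in the current logon session that
# were authenticated with an account other than the logged-on user.

function Get-ForeignCredentialSmbConnection {   # hypothetical helper name
    param(
        # Connection objects to inspect; defaults to the live list.
        [object[]]$Connection = (Get-SmbConnection)
    )
    foreach ($c in $Connection) {
        # UserName   = Windows account that owns the connection
        # Credential = account that was presented to the server
        if ($c.Credential -and ($c.Credential -ne $c.UserName)) {
            [pscustomobject]@{
                ServerName  = $c.ServerName   # name the connection was made with (IP or DNS name)
                ShareName   = $c.ShareName
                LocalUser   = $c.UserName
                ConnectedAs = $c.Credential
                OpenHandles = $c.NumOpens
            }
        }
    }
}

# Constructed sample mirroring the thread: the backup tool connected by IP
# as "backup", while the desktop user reached the same NAS by DNS name.
$sample = @(
    [pscustomobject]@{ ServerName = '192.0.2.10'; ShareName = 'backups'
                       UserName   = 'DESKTOP\alice'
                       Credential = '192.0.2.10\backup'; NumOpens = 0 },
    [pscustomobject]@{ ServerName = 'nas'; ShareName = 'backups'
                       UserName   = 'DESKTOP\alice'
                       Credential = 'DESKTOP\alice'; NumOpens = 1 }
)

# Only the 192.0.2.10 row is reported for the sample.
Get-ForeignCredentialSmbConnection -Connection $sample | Format-Table -AutoSize

# Live check of the session this script runs in.
Get-ForeignCredentialSmbConnection | Format-Table -AutoSize
```

A connection reported here can be dropped with `net use \\server\share /delete`, but it will come back the next time the backup runs in the same session, which is why the dedicated-account setup above is the actual fix.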

mastershakes :

Aug 20, 2019

Thanks for the clarification on that.  That's what I suspected.

Made by IO Bureau in Switzerland