The support forum

Passwording

Sputnik-ETO :

Sep 16, 2014

Hi Alex.

well ive rolled Bvckup to 2 machines so far and i must admit im impressed! ive got them running in service mode but note that if i launch the desktop thingy, the user is able to stop the backup, change it whatever they like!

As a hard put upon IT officer on board a ship crewed with 20 wannabe IT pros who think (but dont) they know better, can i password this or set it up in the admin account so that it cant be interfered with?

Alex Pankratov :

Sep 16, 2014



Restricting an access to the UI *is* supported, but it's done in a slightly different manner. It is possible to lock down a connection point that is used by the UI to communicate with the engine. When this restriction is in place, the UI simply doesn't have an access to the service *unless* it's launched with the full admin privileges, which would typically involve going through the "enter your admin password" UAC dialog.

To enable this restriction, you will need to shut down the Bvckup2 service and change the "ipc_sec_file" entry in C:\ProgramData\Bvckup 2\engine\bvckup2-engine.ini file to -

      ipc_sec_file   C:\ProgramData\Bvckup2\engine\ipc-security

Then, when the service starts, it will search for ipc-security file and copy effective access permissions for the UI/service connection from it. So you just need to create an empty ipc-security file at the above location and then configure its access permissions as needed via standard Properties/Security dialog.

--

That said, I think making the UI password-protected might not be a bad idea. Let me sleep on it.

Sputnik-ETO :

Sep 16, 2014

i will have a go at this tomorrow thanks Alex

Sputnik-ETO :

Sep 17, 2014

im sorry Alex but i cant find this file to alter it. where is it?

Sputnik-ETO :

Sep 17, 2014

Ok ive found the file on one of the pc's it has the ipc entry with nothing next to it, ive entered the text youve typed above and saved it but when i try to put it into service mode it asks for the admin login and then it gives an error message asking to contact support.

HELP!

Sputnik-ETO :

Sep 17, 2014

Heres how the amended file looks, what am i doing wrong?

admin_netfix                                       1
admin_netfix_intvl                                 5:1
def_filters                                        0 00000010 00000000 \hiberfil.sys
def_filters                                        0 00000010 00000000 \pagefile.sys
def_filters                                        0 00000010 00000000 ~*.tmp
def_filters                                        0 00000010 00000000 .tickle
def_filters                                        0 00000010 00000000 \$dcsys$
def_filters                                        0 00000010 00000010 \System Volume Information
def_filters                                        0 00000010 00000010 \Recycler
def_filters                                        0 00000010 00000010 \$Recycle.bin
def_filters                                        0 00000010 00000010 \Windows\CSC
def_filters                                        0 00000010 00000010 \Windows\System32\LogFiles\WMI\RtBackup
def_filters                                        0 00000010 00000010 \ProgramData\Microsoft\Crypto
def_filters                                        0 00000010 00000010 \ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager
def_filters                                        0 00000010 00000010 C:\Users\ETOSPU~1\AppData\Local\Temp
def_filters                                        0 00000010 00000010 C:\Users\ETO Sputnik\AppData\Local\Bvckup2\
def_filters                                        0 00000010 00000010 C:\ProgramData\Bvckup2
def_filters                                        0 00000010 00000010 Temporary Internet Files
def_filters                                        0 00000010 00000010 CryptNetUrlCache
def_filters                                        0 00000010 00000010 Mozilla\Firefox\Profiles\*\Cache
def_filters                                        0 00000010 00000010 Google\Chrome\User Data\*\Cache
def_root_excl                                      Recycler
def_root_excl                                      $Recycle.bin
def_root_excl                                      System Volume Information
def_sdrt_pause                                     5:5
delay_on_boot                                      0
delay_on_boot_val                                  5:5
delay_on_resume                                    2
delay_on_resume_val                                5:5
disable_external_command                           0
fixed_drive_bus_mask                               f2a
ipc_buf_size                                       1677721
ipc_sec_file   C:\ProgramData\Bvckup2\engine\ipc-security                                      
log_flush_intvl                                    4:5
misc.version                                       1.70.0.0
prep_net_backups                                   1
requery_intvl                                      4:5
requery_new_drives                                 1
resuscitate_drives                                 1
resuscitate_netmon                                 1
serialize_jobs                                     1
stats.bytes_read                                   200291722638
stats.bytes_written                                22994286990
stats.files_scanned                                11232
stats.runs                                         387
stats.started                                      2014-09-16 10:59:57.848
trim_ws                                            0
trim_ws_cap                                        8388608
trim_ws_val                                        4:5
use_wincrypt                                       0

Alex Pankratov :

Sep 17, 2014

You need to create C:\ProgramData\Bvckup2\engine\ipc-security file, for example, with Notepad. Then you will need to open in its Properties in Windows Explorer and in Security tab adjust permissions so that only Administrator has an access to it. Then you will need to restart the service.

At this point, if you start the UI as usual, it will see that the service is running, but it won't be able to connect to it. In order for the UI to connect to the service you will need to right-click on bvckup2.exe and select "Run as admin". This should prompt you for Admin username and password, launch the UI and the UI should be able to connect to the service.

... I guess, this *is* a bit contrived, so the password protection starts to look a bit more practical now :)

Sputnik-ETO :

Sep 17, 2014

Its not contrived Alex, BUT it certainly isnt user friendly. unfortunately im really a heavy electrician with IT user/admin skills but this is more than ive had to deal with in the past as network admin. im confident that i can do it (eventually). Its not exactly user friendly though!

is there a written manual for this product?

Sputnik-ETO :

Sep 17, 2014

Hi Alex.

Am i correct in that if i set up the backup in the admin logon on and put it in to system mode that it will carry out all the backing up as long as the machine is powered up without the admin being logged on?

if it will do this then all i need to do is to set it up in my log on to back up all users and it will work without any other user having any access or even knowing that its running and theres no need for passwording.

Sputnik-ETO :

Sep 18, 2014

Hi Alex.

I think ive answered my own question. ive set up the program in my admin account to back up all users put it in to service mode, logged off and opened up another user and i can see it running in the task manager.

I would appreciate if you could confirm that this will run correctly though.

Alex Pankratov :

Sep 18, 2014

Am i correct in that if i set up the backup in the admin logon on and put it in to system mode that it will carry out all the backing up as long as the machine is powered up without the admin being logged on?


Yes, this is it! That's a much simpler way of achieving what you are after. Why haven't I thought about this before? Erm.

Is there a written manual for this product?


Not yet. Working on it.

Sputnik-ETO :

Sep 18, 2014

Sometimes it takes the laymens approach to a solution.... Technicians always look for the complicated way of doing something!

However.... I will still have the problem that one of my machines will have 2 admin accounts, because they need to do some stuff which requires basic admin BUT i dont want them to fiddle with this.... so passwording is still good to have. ill try the security file approach and take away the other admin access to the file. No doubt ill be back with questions!

New topic

Create
Made by Pipemetrics in Switzerland
Support


Follow
Twitter
Dev blog
Miscellanea Press resources
Testimonials
On robocopy
Company
Imprint

Legal Terms
Privacy