DLO can automatically manage permissions for accessing network user data folders. An administrator on the media server can create and configure DLO administrator accounts for users. You can use DLO Administrator accounts to avoid having to add users to the administrators group on the media server.
DLO administrator accounts can be managed in the following ways:
-
Grant administrative access to individual users
This option is the default configuration for DLO account management. If you use a list of individuals, you can specify which individuals have full restore rights, and which have limited restore rights.
-
Use domain groups to manage DLO administrators
If you specify domain groups, you can grant full restore rights to one group and grant limited restore rights to another group. The domain groups must already exist or must be created by a domain administrator. For DLO, we recommend using the groups DLOFullAdmin and DLOLimitedAdmin. The full administrator group is used to grant administrators read access to user’s data. The limited administrator group only supplies list access, thus protecting the user’s data from unauthorized access.
When accessing a network user data folder, the DLO console automatically checks the folder to ensure it can read the files and data within. If the console is unable to access the folder, DLO uses the specified domain administrator group to set permissions on the files and folders it needs to access. By making these files and folders a member of the specified DLO administrator group, all DLO administrators are automatically granted permissions to access the necessary resources.
More Information
Using a list of individual accounts to manage DLO permissions