Can we restrict user to access the registry key of Data Domain from Windows server?
According to the customer, he can refer & edit the registry key of Data Domain from his Windows server through the "remote registry". So the customer wants to restrict the access to the registry key from the Data Domain side. The reason for this is his high security requirement.
Registry on DD? You mean reg.<something> setting? Unless user has rights to modify it, they should not have access to it (otherwise that would be a bug in my view). Did you check which user customer is using when doing that and if this used is set on DD? Or is it something else customer is referring to?
Hello Hrvoje Crvelin,
Yes, registry on Data Domain.
So if the cutomer has the rights to modify it (the rights can be given to customers?), he can access it from his Windows server?
No, I didn't look at that he was doing that.
Thank you for response.
I'm just thinking out loud here and feel free to correct me if I'm wrong.
The registry entries are made by the OST plugin. If the user which was used to install the plugin had access to registry (or has admin rights) then I'm not sure how you can stop the user from accessing/modifying the registry.
These registry keys are meant for CIFS functionality on Data Domain (I might be wrong).
I think that the customer is loging in with te user name that is created as local user on Data Domain.
If this user has an admin role on Data Domain (like sysadmin), then he/she can edit the registry keys.
If this user has User role, then he/she can view the registry keys but cannot alter them.
Can you really hide those keys while using CIFS service? No (as far as I know).
If you really wants to hide them, then stop the CIFS service on Data Domain and they will "poff" disappear!