Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and questions can go unanswered for a long time.
You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "Avamar Support Forum" which would be the most relevant for this question.
If any one of them try to run a restore operation by logging into DT/LT interface, using their own AD credential, they can see each other's data. Is it a normal behaviour ?
Yes. Administrator can see every profile, user can see own profile. By default they can browse each others folders in Windows as they are local administrators.
Avamar supports three user authentication methods. The detailed info as following:
Directory service authentication
Directory service authentication uses the Avamar client login screen to obtain a username and password. This information is authenticated using your company's directory service (such as LDAP, Active Directory, or NIS).
To log in:
1. In Username, enter your directory service account username.
This field is case-sensitive. It requires the username assigned to your directory service account in LDAP, Active Directory, or NIS. This field is automatically filled-in by Avamar client.
Avamar client determines your username based on the login information you provide when you log in to the computer.
2. In Password, enter your directory service password.
This field is case-sensitive. It requires your directory service account password.
3. Click Login.
Avamar authentication
Avamar authentication uses account information set up for you on the Avamar server. Directory service account information is not required to log in using this method. To log in successfully, at the Avamar client login screen, provide the username and password of your account on the Avamar server. This account is set up for you by your backup administrator.
To log in:
1. In Username, enter your Avamar username.
This field is case-sensitive. It requires only the username assigned to you for an Avamar account on the Avamar server.
IMPORTANT: Server and domain information should not be entered in this field, only the username.
2. In Password, enter the password for your Avamar account.
This field is case-sensitive.
3. Click Login.
Mixed authentication
Mixed authentication uses Directory service authentication for some users and Avamar authentication for others. To log in, follow the steps for the authentication type assigned to you.
Mixed authentication can also be configured to use transparent authentication for Windows and Mac domain users, or to display the login screen for all users.
My suggestion:
In your environment, I think you can use Directory service authentication(i.e. Windows AD). So, even though each desktop has 3 profiles created as Administrators, these 3 users need to login Avamar Desktop/Laptop by themselves Windows AD domain name(e.g. Domainname\username).
So, after to login DLTL by AD domain name, I think these 3 users can only review, backup and restore their own data.
For the material of Authentication configuration, you can review chapter 20 "Avamar Desktop/Laptop" of Avamar 6.1 Administration Guide.
christopher_ime
4 Operator
•
2K Posts
0
July 13th, 2013 22:00
Supratik,
Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and questions can go unanswered for a long time.
You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "Avamar Support Forum" which would be the most relevant for this question.
niko.virta
51 Posts
0
July 16th, 2013 01:00
If any one of them try to run a restore operation by logging into DT/LT interface, using their own AD credential, they can see each other's data. Is it a normal behaviour ?
Yes. Administrator can see every profile, user can see own profile. By default they can browse each others folders in Windows as they are local administrators.
ot73L11uKW12413
10 Posts
0
July 17th, 2013 20:00
Hi Leo,
That is what exactly my customers are doing right now. Authenticating via AD for each user. But, the issue remains.
Regards,
Supratik
DELL-Leo
Community Manager
•
9K Posts
0
July 17th, 2013 20:00
Hi,
Avamar supports three user authentication methods. The detailed info as following:
Directory service authentication
Directory service authentication uses the Avamar client login screen to obtain a username and password. This information is authenticated using your company's directory service (such as LDAP, Active Directory, or NIS).
To log in:
1. In Username, enter your directory service account username.
This field is case-sensitive. It requires the username assigned to your directory service account in LDAP, Active Directory, or NIS. This field is automatically filled-in by Avamar client.
Avamar client determines your username based on the login information you provide when you log in to the computer.
2. In Password, enter your directory service password.
This field is case-sensitive. It requires your directory service account password.
3. Click Login.
Avamar authentication
Avamar authentication uses account information set up for you on the Avamar server. Directory service account information is not required to log in using this method. To log in successfully, at the Avamar client login screen, provide the username and password of your account on the Avamar server. This account is set up for you by your backup administrator.
To log in:
1. In Username, enter your Avamar username.
This field is case-sensitive. It requires only the username assigned to you for an Avamar account on the Avamar server.
IMPORTANT: Server and domain information should not be entered in this field, only the username.
2. In Password, enter the password for your Avamar account.
This field is case-sensitive.
3. Click Login.
Mixed authentication
Mixed authentication uses Directory service authentication for some users and Avamar authentication for others. To log in, follow the steps for the authentication type assigned to you.
Mixed authentication can also be configured to use transparent authentication for Windows and Mac domain users, or to display the login screen for all users.
My suggestion:
In your environment, I think you can use Directory service authentication(i.e. Windows AD). So, even though each desktop has 3 profiles created as Administrators, these 3 users need to login Avamar Desktop/Laptop by themselves Windows AD domain name(e.g. Domainname\username).
So, after to login DLTL by AD domain name, I think these 3 users can only review, backup and restore their own data.
For the material of Authentication configuration, you can review chapter 20 "Avamar Desktop/Laptop" of Avamar 6.1 Administration Guide.