Protecting Workgroup Computers
Applies To: System Center Data Protection Manager 2010
To protect a computer that is not joined to a domain, you must follow the steps outlined in this topic.
Installing Agents on Workgroup Computers
Attaching a Workgroup Computer to the DPM Server
Important
To protect a computer that is running Windows XP, you must first disable the ForceGuest registry key otherwise NTLM authentication will fail while attaching the computer.
For more information about disabling the ForceGuest registry key, see How to Set Security in Windows XP Professional That Is Installed in a Workgroup (https://go.microsoft.com/fwlink/?LinkID=192212).Installing Agents on Workgroup Computers
You can install a DPM protection agent on a computer by using DPMAgentinstaller.exe (DPMAgentInstall_X64.exe) from the DPM setup DVD.
After installing the agent, you need to run SetDpmServer and specify the local user credentials which would be used for authentication. A local user account will be created and the DPM protection agent would be configured to use this account for authentication.
Syntax: SetDpmServer.exe -dpmServerName <serverName> -isNonDomainServer -userName <userName> [-productionServerDnsSuffix <DnsSuffix>]
| Parameter | Description |
|---|---|
-IsNonDomainServer |
Specifies that this server is in a workgroup or an untrusted domain. |
-UserName |
Creates an NT user account with the specified username for this server to communicate with DPM server. This option should be used along with -IsNonDomainServer. |
-ProductionServerDnsSuffix |
In case there are multiple DNS suffixes configured for this server, ProductionServerDnsSuffix represents the DNS suffix which DPM server will use to communicate with this server. |
-DpmServerName |
Name of the DPM server. FQDN if DPM server and protected computer are accessible to each other using FQDNs. NETBIOS if DPM server and protected computer are accessible to each other using NETBIOS names. |
Attaching a Workgroup Computer to the DPM Server
The steps to attach a workgroup computer using DPM Administrator Console are as follows.
Start the Protection Agent Installation Wizard from the DPM Administrator Console.
Select Attach and click Next.
Enter the computer name, user name, and password for the computer that you want to attach to. This should be the same as the login credentials specified during agent installation on that computer. Click Next.
Review the information on the Summary page, and then, if the information is correct, click Install. After the attach action is completed successfully, click Close.
Attaching a Workgroup Computer by Using DPM Management Shell
You can also attach a workgroup computer by using the Attach-NonDomainServer script in DPM Management Shell.
Syntax: Attach-NonDomainServer.ps1 -DPMServername [Name of DPM server] -PSName [Protected computer] -Username [username] -Password [Password]
This script registers the specified workgroup computer to be protected with this DPM server, creates a local user account using the specified credentials, and configures DPM to use these credentials to authenticate the workgroup computer.
Important
Before attaching the workgroup computer to the DPM server by using the DPM Administrator Console or DPM Management Shell, you must install the DPM agent and run SetDpmServer.exe on the workgroup computer.
Important
If you use the NetBIOS name of the DPM server in the SetDPMServer command, you also must use the NetBIOS for the protected computer when you attach the computer. This also applies if you use the fully qualified domain name (FQDN) of the DPM server.
Examples
Example 1
Configuring a workgroup computer for protection after agent is installed.
On the workgroup computer, run SetDpmServer.exe -DpmServerName Server01 -isNonDomainServer -UserName mark.
On the DPM server, run Attach-NonDomainServer.ps1 –DpmServername Server01 -PSName Finance01 -Username mark.
Important
Because the workgroup computers are typically accessible only by using NetBIOS name, the value for DPMServerName must be the NetBIOS name.
Example 2
Configuring a workgroup computer with conflicting NetBIOS names for protection after agent is installed.
On the workgroup computer, run SetDpmServer.exe -dpmServerName Server01.corp.contoso.com -isNonDomainServer -userName mark -productionServerDnsSuffix widgets.corp.com.
On the DPM server, run Attach-NonDomainServer.ps1 -DPMServername Server01.corp.contoso.com -PSName Finance01.widgets.corp.com -Username mark.