Grant user permissions
Updated: February 9, 2017
Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager
Before you begin a DPM deployment, verify that appropriate users have been granted required privileges for performing the various tasks. The following table shows the user privileges that are required to perform the major tasks associated with DPM.
User Privileges Required to Perform DPM Tasks
| Task | Required Privileges |
|---|---|
| Adding a DPM server to an Active Directory domain | Domain administrator account, or user right to add a workstation to a domain |
| Installing DPM | Administrator account on the DPM server |
| Installing the DPM protection agent on a computer | Domain account that is a member of the local administrators group on the computer |
| Opening DPM Administrator Console | Domain account that has administrator privileges on the DPM server |
| Extending the Active Directory Domain Services schema to enable end-user recovery | Schema administrator privileges in the domain |
| Creating an Active Directory Domain Services container to enable end-user recovery | Domain administrator privileges in the domain |
| Granting a DPM server permissions to change the contents of the container | Domain administrator privileges in the domain |
| Enabling end-user recovery feature on a DPM server | Administrator account on the DPM server |
| Installing recovery point client software on a client computer | Administrator account on the client computer |
| Accessing previous versions of protected data from a client computer | User account with access to the protected share |
| Recovering Windows SharePoint Services data | Windows SharePoint Services farm administrator account that is also an administrator account on the front-end Web server that the protection agent is installed on |
| Protect SQL Server | Add the system account NT Authority\SYSTEM to the sysadmin group on the SQL Server you want to protect. In SQL Server Management Studio > Security > Logins.Double-click NT AUTHORITY\SYSTEM > Server Roles, check the sysadmin role > OK. |
Warning
If you are using one SQL Server to host multiple DPM databases, the administrators of each of the DPM servers has access to the databases of the other DPM servers.
See Also