Security Considerations for End-User Recovery
Applies To: System Center Data Protection Manager 2007
You can enable end-user recovery for file data, but not for application data. Use only domain-based security groups for permissions to files and folders on which you plan to enable end-user recovery. DPM cannot guarantee consistency between end-user access to data on protected computers and end-user access to recovery points of that data on the DPM server if you rely on local security groups.
For example, if the set of users included in the protected computer's local Users group differs from the set of users included in the DPM server’s local users group, different sets of users will have access to the data on the protected computer and to the recovery points of that data.