Protecting Computers on Untrusted Domains

Applies To: System Center Data Protection Manager 2010

Installing Agents on Computers on Untrusted Domains

You can install a DPM protection agent on a computer using DPMAgentinstaller.exe (DPMAgentInstall_X64.exe) from the DPM setup DVD.

After installing the agent, run SetDpmServer and specify the local user credentials that will be used for authentication. SetDpmServer creates a local user account and configures the DPM protection agent to use this account for authentication.

Syntax: SetDpmServer.exe -dpmServerName <serverName> -isNonDomainServer -userName <userName>

Parameter: Description

-IsNonDomainServer: Specifies that this server is in a workgroup or an untrusted domain.

-UserName: Creates an NT user account with the specified user name for this server to use when communicating with the DPM server. Use this option together with -IsNonDomainServer.

-ProductionServerDnsSuffix: If multiple DNS suffixes are configured for this server, ProductionServerDnsSuffix specifies the DNS suffix that the DPM server will use to communicate with this server.

-DpmServerName: Name of the DPM server. Use the FQDN if the DPM server and the protected computer are accessible to each other using FQDNs. Use the NetBIOS name if they are accessible to each other using NetBIOS names.

Attaching a Computer on an Untrusted Domain to the DPM Server

The steps to attach a computer on an untrusted domain using DPM Administrator Console are as follows.

  1. Start the Protection Agent Installation Wizard from the DPM Administrator Console.

  2. Select Attach and click Next.

  3. Enter the computer name, user name and password for the computer you want to attach. These should be the same as the login credentials specified during agent installation on that computer. Click Next.

  4. Review the information on the Summary page and click Install if the information is correct. Click Close once the attach action is successful.

Attaching Computers using DPM Management Shell

You can also attach a computer on an untrusted domain through DPM Management Shell using the Attach-NonDomainServer script.

Syntax: Attach-NonDomainServer.ps1 -DPMServername [Name of DPM server] -PSName [Protected computer] -Username [username]

This script registers the specified computer to be protected with this DPM computer, creates a local user account using the specified credentials and configures DPM to use these credentials to authenticate to the computer.

Important

The DPM agent must be installed and SetDpmServer.exe must be run on the computer before you attach the computer to the DPM server using the DPM Administrator Console or DPM Management Shell.

Important

If you use the NetBIOS name of the DPM server in the SetDpmServer command, you must also use the NetBIOS name for the protected computer during attach, and vice versa if you are using the FQDN.
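The two-sided procedure above, with the name-form rule checked before either command is typed, as an added example that is not part of the original documentation. The server names, the account name and the helper functions Get-NameForm and Test-NameFormMatch are hypothetical; treating any name that contains a dot as an FQDN is an assumption, and the script targets Windows PowerShell (it uses Get-WmiObject).

```powershell
# Added example: pre-flight check for the SetDpmServer / Attach-NonDomainServer pair.
# All names below are constructed sample values.
$DpmServer       = 'dpm01.corp.example'        # value for -dpmServerName / -DPMServername
$ProtectedServer = 'filesrv07.branch.example'  # value for -PSName
$AgentUser       = 'dpmagentuser'              # local account named in both commands

function Get-NameForm {
    param([string]$Name)
    # Assumption: a dot means FQDN; otherwise the name must fit the 15-character NetBIOS limit.
    if ($Name -match '\.') { return 'FQDN' }
    if ($Name.Length -ge 1 -and $Name.Length -le 15) { return 'NetBIOS' }
    throw "'$Name' is neither an FQDN nor a valid NetBIOS name (max 15 characters)."
}

function Test-NameFormMatch {
    param([string]$DpmServerName, [string]$ProtectedName)
    $dpmForm = Get-NameForm $DpmServerName
    $psForm  = Get-NameForm $ProtectedName
    if ($dpmForm -ne $psForm) {
        throw "Name forms differ: DPM server is $dpmForm, protected computer is $psForm. Use the same form on both sides."
    }
    return $dpmForm
}

# Stops here with an error if one name is NetBIOS and the other is an FQDN.
$form = Test-NameFormMatch -DpmServerName $DpmServer -ProtectedName $ProtectedServer
Write-Output "Both names are $form; the commands below are consistent."

# Step 1, on the protected computer (after the agent is installed):
Write-Output "SetDpmServer.exe -dpmServerName $DpmServer -isNonDomainServer -userName $AgentUser"

# Step 2, on the DPM server, in DPM Management Shell:
Write-Output "Attach-NonDomainServer.ps1 -DPMServername $DpmServer -PSName $ProtectedServer -Username $AgentUser"

# Check to run on the protected computer between step 1 and step 2:
# confirm that the local account named in step 1 exists before attaching.
$acct = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='$AgentUser'"
if ($acct) { Write-Output "Local account '$AgentUser' present (Disabled: $($acct.Disabled))." }
else       { Write-Output "Local account '$AgentUser' not found; run SetDpmServer.exe before attaching." }
```

The script only prints the two commands, because each one runs on a different machine; the account check at the end is meaningful only when run on the protected computer.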