Plan for DPM security
Updated: May 13, 2016
Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager
DPM operates as a high-privileged server on the network. To help ensure the security of the DPM server, the DPM security architecture relies on the security features of Windows Server 2008 and Active Directory Domain Services, SQL Server 2008, and SQL Server Reporting Services.
To maintain the DPM security architecture:
Accept all default security settings.
Do not install unnecessary software on the DPM server.
Do not change security settings after DPM is deployed. In particular, do not change SQL Server 2008 settings, Internet Information Services (IIS) settings, DCOM settings, or settings for the local users and groups that DPM creates during product installation.
A remote instance of SQL Server should not run as Local System.
If you are using one SQL Server to host multiple DPM databases, the administrators of each of the DPM servers has access to the databases of the other DPM servers.
Installing unnecessary software and changing default security settings can seriously compromise DPM security.