By default, users can restore all types of files from available backups. Files can be restored to two possible destinations – a restore operator can choose to download files to the local machine or restore a file directly to the original location (that is, the original machine). For security purposes, you can configure additional restrictions for restore operations – for example, narrow the list of file types that operators can restore, or prohibit operators to download restored files.
To configure additional restrictions for restore operations, do the following when creating or editing user account settings:
- In the Allow restore of section of the Account dialog, enable the required restrictions:
- Select the Entire virtual machines checkbox to allow for restore of entire machines included in user’s restore scope.
- Select the Guest files checkbox to allow for the restore of guest OS files; the following options will then become available:
- Allow in-place file level restores only option selected will disable the Download option for users performing file restore. With this restriction enabled, users will only be able to restore files to the original location. Restored files will be available to the accounts having access to the original machine.
- Allow restores of files with these extensions only option allows you to define which file types can be restored by users. In the text box, enter list extensions for allowed file types, separated by commas.
- If this user should be able to restore Microsoft Exchange items (mail, calendars, tasks) and/or Microsoft SQL Server databases from server backups, select the corresponding check box.
- If you want to prevent user account from overriding production databases at restore, select the Deny in-place database restores (safer) check box.
- Click OK to save the settings.