Veeam Backup Enterprise Manager streamlines delegation of restore capabilities: instead of multiple role assignments and restore scope fine-tuning, Enterprise Manager administrator can provide users that have local administrator rights on a Windows-based machine with a link to Self-Service File Restore Portal — a web UI that displays the controls for file-level restore of the protected machines.
This capability is supported by the Veeam’s runtime process which performs guest system indexing and also identifies local administrative accounts. Communication with the self-service web page is performed over the HTTPS protocol. In particular, such delegation capabilities and self-service web portal can be used in enterprise deployments to elevate the 1st line support to perform in-place restores without administrative access.
Considering the Limitations
Consider the following:
To provide a user account with the ability to access the Self-Service File Restore Portal UI and functionality, make sure the following prerequisites are met:
- The account belongs to the trusted or same domain as the Enterprise Manager server (for the user account to be resolved to SID). Users from untrusted domains cannot utilize self-restore.
- The account has local administrative rights for the required machine guest OS, local user rights are insufficient.
A Self-Service File Restore Portal user has access only to restore points created after the user is assigned with local administrator rights.
Machine restore points will stay available for self-restore to a user account whose local administrative rights were revoked after the restore point creation until the next restore point is created (then that user will not be able to access guest files any longer).
Browsing Guest OS Files Through Self-Service Portal
To access the guest files in a machine backup:
- Start the Self-Service File Restore Portal by clicking its icon in the list of applications or on the Desktop; alternatively, in the web browser address bar, enter the corresponding URL, for example:
- Enter the account credentials to log in. Use the DOMAIN\USERNAME format to specify the user name. The Files tab will open. By default, it displays guest OS files as of the latest restore point of the machine to which you logged in with local administrative rights.
- To view guest files as of earlier restore point, click the calendar icon and select the restore point. To view guest files of another machine (if available to you), use the Search field or the Pick from List link.
- You can perform all operations supported for machine guest files by Veeam Backup Enterprise Manager. For more information on file browsing, search and restore, see Browsing Machine Backups for Guest OS Files, Searching Machine Backups for Guest OS Files, Performing 1-Click File Restore.
If no guest OS files are visible to the user, check the following reasons:
- A Veeam backup server managing the corresponding job was not added to Enterprise Manager. For more information on how to add a Veeam backup server, see Adding Veeam Backup Servers.
- The recent backup job data has not been yet collected from a Veeam backup server (default time interval is every 15 min). For more information on how to run data collection manually, see Collecting Data from Backup Servers.
- The Enable guest file system indexing option was turned off in the machine backup job. Edit the job setting and restart the job with indexing enabled.
- When the machine restore point was created, the user was not assigned local administrative rights. To access the guest OS files the user must be a part of the guest OS local administrator group.
If you can not find your machine from the Pick from List window, you can select the I don't see my machine option to rebuild a security scope for your user account. Once complete, this action will reveal machines that were added to your security scope.