Acronis security groups

On a machine running Windows, Acronis security groups determine who can manage the machine remotely and act as Acronis Backup & Recovery 10 Management Server administrator.

These groups are created when Acronis Backup & Recovery 10 Agents or Acronis Backup & Recovery 10 Management Server are being installed. During installation, you can specify what users to include in each group.

  Acronis Backup & Recovery 10 Agents  

When Acronis Backup & Recovery 10 Agent for Windows is being installed on a machine, the Acronis Remote Users group is created (or updated).

A user who is a member of this group can manage the machine remotely by using Acronis Backup & Recovery 10 Management Console, according to the management rights described in Users’ privileges on a managed machine.

By default, this group includes all members of the Administrators group.

  Acronis Backup & Recovery 10 Management Server  

When Acronis Backup & Recovery 10 Management Server is being installed on a machine, two groups are created (or updated):

Acronis Centralized Admins

A user who is a member of this group is a management server administrator. Management server administrators can connect to the management server by using Acronis Backup & Recovery 10 Management Console; they have the same management rights on the registered machines as users with administrative privileges on those machines—regardless of the contents of Acronis security groups there.

To be able to connect to the management server remotely, an administrator of the management server must also be a member of the Acronis Remote Users group.

No user—even a member of the Administrators group—can be an administrator of the management server without being a member of the Acronis Centralized Admins group.

By default, this group includes all members of the Administrators group.

Acronis Remote Users

A user who is a member of this group can connect to the management server remotely by using Acronis Backup & Recovery 10 Management Console—provided that the user is also a member of the Acronis Centralized Admins group.

By default, this group includes all members of the Administrators group.

  On a domain controller  

If a machine is a domain controller in an Active Directory domain, the names and default contents of Acronis security groups are different:

  • Instead of Acronis Remote Users and Acronis Centralized Admins, the groups are named DCNAME Acronis Remote Users and DCNAME Acronis Centralized Admins respectively; here, DCNAME stands for the NetBIOS name of the domain controller. Each dollar sign is surrounded by a single space on either side.
  • Instead of explicitly including the names of all members of the Administrators group, the Administrators group itself is included.

Tip: To ensure proper group names, you should install Acronis components in a domain controller after you have set up the domain controller itself. If the components were installed before you set up the domain controller, create the groups DCNAME Acronis Remote Users and DCNAME Acronis Centralized Admins manually, and then include the members of Acronis Remote Users and Acronis Centralized Admins in the newly created groups.

Acronis security groups