SUMMARY
This article explains how to configure access restrictions for Microsoft Exchange file level recovery.
ISSUE
Version 10.1 introduces the option to create credentials for Microsoft Exchange file level recovery objects and restrict access to these recovery objects to specific hosts.
RESOLUTION
To configure access restrictions, log on to the appliance via ssh and follow the instructions below:
TASKS
To configure access restrictions
1. Create a user list:
/usr/bp/bin/exchange_settings.sh user <enter one or more users>
You will be prompted to create a password for each new user.
2. Create a host list:
/usr/bp/bin/exchange_settings.sh host <enter one or more hosts>
A host can be entered as either an IP address or a hostname that is resolvable from the appliance. You will only be able to access the recovery object from the hosts specified in this list.
Other commands
To view users:
/usr/bp/bin/exchange_settings.sh user
To view hosts:
/usr/bp/bin/exchange_settings.sh host
To re-enable guest access for users:
/usr/bp/bin/exchange_settings.sh user guest
To re-enable guest access for hosts:
/usr/bp/bin/exchange_settings.sh host guest
To reset a password:
/usr/bp/bin/exchange_settings.sh pass <enter a user>
You will prompted to create a new password for the user you selected.
To append a user list:
/usr/bp/bin/exchange_settings.sh user <enter one or more users, including all previously created users>
You will be prompted to create passwords for the new users you have added to the list.
To append a host list:
/usr/bp/bin/exchange_settings.sh host <enter one or more hosts, including all previously added hosts>
A host can be entered as either an IP address or a hostname that is resolvable from the appliance.
NOTES
- If you modify users or passwords in the exchange_settings.sh script while the recovery object is still running, these new credentials will not be recognized until you tear down the recovery object and stand it back up.
- Users that are no longer included in the user list may continue to have access until the relevant authentication tokens expire.