We all know and love Veeam because it truly is an innovative product with lots of great features. I upgraded to Veeam v5 in hopes that one little tid-bit would be fixed, File Level Restore (FLR).
Currently, our company's veeam backup server runs on a Windows Server 2008 R2 VM. After having Veeam running for 8 days, we finally got a ticket that said we needed to restore a file back on our file share server. Ok, no problem. I fire up Veeam B&R, drill down to the file, browse to the folder and replace the deleted file. 2 minutes later I get an angry email about the file being READ-ONLY and how this should never happen, blah blah blah.
I noticed that the permissions weren't being copied over. I did some research and saw this Veeam Forum post http://ow.ly/30snx using the Microsoft KB article here: http://support.microsoft.com/kb/310316. But this fix only applies to Windows 2003 and XP.
The reghack as follows:
# Locate and then click the following registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
# On the Edit menu, click Add Value, and then add the following registry value:
Value name: ForceCopyAclwithFile
Data type: DWORD
Value data: 1
I rebooted the Veeam server, re-started the process over and tried moving it from the Windows Explorer window. The permissions were still not being kept. This seems to be a problem with Windows Server 2008 because it won't even inherit the folders permissions when copied over. As told by @Gostev in my forum post: Indeed, it looks like Microsoft had removed this registry setting in Windows 2008 R2.
This issue has come up in Veeam support before, so luckily there is a hidden registry setting within Veeam v5. Per @Gostev: Kendrick, this totally escaped my head due to the pre-release rush, but thinking more about this I now remember that I did bring this up with development earlier already, and they did implement the option to preserve permissions for Windows restore. But, because it was implemented very late in the release cycle, we did not have time to add it in UI. So, we decided to hide this in the registry instead.
To add the registry key:
- Start -> Run -> regedit
- HKEY_LOCAL_MACHINE\SOFTWARE\VeeaM\Veeam Backup and Replication
- Right Click -> New -> DWORD (32-bit) Value
- Value Name: FLRPreservePermissions
- Value Data: 1
Now we can Restore guest Files (Windows) and choose our date.
Drill Down to our file and take a look at the permissions on this exact file
Copy the file to our destination. In this case I chose the Veeam desktop, and verify the permissions were the same on both ends.
This is a temporary work around and I expect that this will be in the GUI for the next release. In my opinion, this is a huge downfall to the product because 9 times out of 10 the only kind of restores administrators normally do are retrieving files from a user's mistake. Whether it's a deletion of a file or a corruption, single file level restore is a primary role in any backup product. I'm a big fan of Veeam, but I believe simple file level recovery, with permissions in tact, should be a core functionality of any backup software.