Grant user permissions


Updated: February 9, 2017

Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager

Before you begin a DPM deployment, verify that appropriate users have been granted required privileges for performing the various tasks. The following table shows the user privileges that are required to perform the major tasks associated with DPM.

User Privileges Required to Perform DPM Tasks

| Task | Required Privileges |
| --- | --- |
| Adding a DPM server to an Active Directory domain | Domain administrator account, or user right to add a workstation to a domain |
| Installing DPM | Administrator account on the DPM server |
| Installing the DPM protection agent on a computer | Domain account that is a member of the local administrators group on the computer |
| Opening DPM Administrator Console | Domain account that has administrator privileges on the DPM server |
| Extending the Active Directory Domain Services schema to enable end-user recovery | Schema administrator privileges in the domain |
| Creating an Active Directory Domain Services container to enable end-user recovery | Domain administrator privileges in the domain |
| Granting a DPM server permissions to change the contents of the container | Domain administrator privileges in the domain |
| Enabling end-user recovery feature on a DPM server | Administrator account on the DPM server |
| Installing recovery point client software on a client computer | Administrator account on the client computer |
| Accessing previous versions of protected data from a client computer | User account with access to the protected share |
| Recovering Windows SharePoint Services data | Windows SharePoint Services farm administrator account that is also an administrator account on the front-end Web server that the protection agent is installed on |
| Protect SQL Server | Add the system account NT AUTHORITY\SYSTEM to the sysadmin group on the SQL Server you want to protect. In SQL Server Management Studio, go to Security > Logins. Double-click NT AUTHORITY\SYSTEM > Server Roles, check the sysadmin role > OK. |


If you are using one SQL Server to host multiple DPM databases, the administrators of each of the DPM servers have access to the databases of the other DPM servers.
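The following T-SQL is an added example, not part of the original documentation. It scripts the "Protect SQL Server" step from the table and then lists every member of the sysadmin role, so that the access granted on a shared instance can be reviewed. It assumes SQL Server 2012 or later (for ALTER SERVER ROLE ... ADD MEMBER; earlier versions use sp_addsrvrolemember) and a connection that is already a sysadmin member.

```sql
-- Added example: scripted equivalent of the Management Studio steps for
-- "Protect SQL Server", followed by a review of sysadmin membership.
-- Assumption: SQL Server 2012 or later, run by a member of sysadmin.

-- 1. Create the Windows login for the system account if it is missing.
IF NOT EXISTS (SELECT 1
               FROM sys.server_principals
               WHERE name = N'NT AUTHORITY\SYSTEM')
BEGIN
    CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;
END;

-- 2. Add the login to sysadmin only if it is not already a member,
--    so the script can be re-run safely.
IF NOT EXISTS (SELECT 1
               FROM sys.server_role_members AS rm
               JOIN sys.server_principals AS r
                    ON r.principal_id = rm.role_principal_id
               JOIN sys.server_principals AS m
                    ON m.principal_id = rm.member_principal_id
               WHERE r.name = N'sysadmin'
                 AND m.name = N'NT AUTHORITY\SYSTEM')
BEGIN
    ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM];
END;

-- 3. Review every principal that holds sysadmin on this instance.
--    On an instance that hosts databases for several DPM servers,
--    each principal listed here can reach all of those databases.
SELECT m.name        AS member_name,
       m.type_desc   AS principal_type,
       m.is_disabled AS login_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
     ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m
     ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;
```

Run the membership query again after each DPM server is added to a shared instance and compare the result with the list of administrators you expect.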

See Also

Plan for DPM security