BlueXP backup and recovery

Prerequisites for importing from the Plug-in service into BlueXP backup and recovery

Contributors amgrissino

If you are going to import resources from the SnapCenter Plug-in service for Microsoft SQL Server into BlueXP backup and recovery, you'll need to configure a few more items.

Create working environments in BlueXP Canvas first

Before you import resources from SnapCenter, create working environments in BlueXP Canvas for all on-premises SnapCenter cluster storage. This ensures that host resources can be discovered and imported correctly.

Ensure host requirements to install the SnapCenter Plug-in

To import resources from the SnapCenter Plug-in for Microsoft SQL Server, ensure host requirements to install the SnapCenter Plug-in for Microsoft SQL Server are met.

Check specifically for the SnapCenter requirements in BlueXP backup and recovery prerequisites.

Disable User Account Control remote restrictions

Before you import resources from SnapCenter, disable User Account Control (UAC) remote restrictions on the SnapCenter Windows host. Disable UAC remote restrictions if you use a local administrative account to connect remotely to the SnapCenter Server host or the SQL host.

Security considerations

Consider the following issues before disabling UAC remote restrictions:

  • Security risks: Disabling token filtering can expose your system to security vulnerabilities, especially if local administrative accounts are compromised by malicious actors.

  • Use with caution:

    • Modify this setting only if it is essential for your administrative tasks.

    • Ensure that strong passwords and other security measures are in place to protect administrative accounts.

Alternative solutions

  • If remote administrative access is required, consider using domain accounts with appropriate privileges.

  • Use secure remote management tools that adhere to best security practices to minimize risks.

Steps to disable User Account Control remote restrictions
  1. Modify the LocalAccountTokenFilterPolicy registry key on the SnapCenter Windows host.

    Do this by using one of the following, with instructions next:

    • Method 1: Registry Editor

    • Method 2: PowerShell script

Method 1: Disable User Account Control remote restrictions by using the Registry Editor

This is one of the methods that you can use to disable UAC remote restrictions.

Steps
  1. Open the Registry Editor on the SnapCenter Windows host by doing the following:

    1. Press Windows+R to open the Run dialog box.

    2. Type regedit and press Enter.

  2. Navigate to the Policy Key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

  3. Create or modify the DWORD value:

    1. Locate: LocalAccountTokenFilterPolicy

    2. If it doesn't exist, create a new DWORD (32-bit) Value named LocalAccountTokenFilterPolicy.

  4. The following values are supported. For this scenario, set the value to 1:

    • 0 (Default): UAC remote restrictions are enabled. Local accounts have filtered tokens when accessing remotely.

    • 1: UAC remote restrictions are disabled. Local accounts bypass token filtering and have full administrative privileges when accessing remotely.

  5. Click OK.

  6. Close the Registry Editor.

  7. Restart the SnapCenter Windows host.

Example registry modification

This example sets LocalAccountTokenFilterPolicy to "1", disabling UAC remote restrictions.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

"LocalAccountTokenFilterPolicy"=dword:00000001

Method 2: Disable User Account Control remote restrictions by using a PowerShell script

This is another method that you can use to disable UAC remote restrictions.

Caution: Running PowerShell commands with elevated privileges can affect system settings. Ensure you understand the commands and their implications before running them.

Steps
  1. Open a PowerShell window with administrative privileges on the SnapCenter Windows host:

    1. Click on the Start menu.

    2. Search for PowerShell 7 or Windows PowerShell.

    3. Right-click on that option and select Run as administrator.

  2. Ensure that PowerShell is installed on your system. After installation, it should appear in the Start menu.

    Tip: PowerShell is included by default in Windows 7 and later versions.
  3. To disable UAC remote restrictions, set LocalAccountTokenFilterPolicy to "1" by running the following command:

    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -Type DWord
  4. Verify that LocalAccountTokenFilterPolicy is currently set to "1" by running:

    Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy"
    • If the value is 1, UAC remote restrictions are disabled.

    • If the value is 0, UAC remote restrictions are enabled.

  5. To apply the changes, restart your computer.

Example PowerShell 7 commands to disable UAC remote restrictions

In this example, the output value of "1" confirms that UAC remote restrictions are disabled.

# Disable UAC remote restrictions

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -Type DWord

# Verify the change

Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy"

# Output

LocalAccountTokenFilterPolicy : 1
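
The following audit script is an added example and is not part of the NetApp documentation. It reports the effective LocalAccountTokenFilterPolicy state, treating a missing value as the default of 0 (the verification command above raises an error in that case), and lists the local accounts in the built-in Administrators group, which are the accounts the security considerations refer to. The function name Get-TokenFilterPolicyState is hypothetical.

```powershell
# Added example, not from the NetApp documentation.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterPolicyState {   # hypothetical helper name
    # Get-ItemProperty raises an error when the value does not exist. A missing
    # value means the default (0, remote restrictions enabled), so map it to 0.
    $prop = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$PolicyName
}

$state = Get-TokenFilterPolicyState
if ($state -eq 1) {
    Write-Output 'UAC remote restrictions are DISABLED (LocalAccountTokenFilterPolicy = 1).'
} else {
    Write-Output "UAC remote restrictions are enabled (effective value: $state)."
}

# Local (non-domain) user accounts in the built-in Administrators group,
# addressed by its well-known SID S-1-5-32-544 so the check also works on
# hosts where the group name is localized.
$localAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' }

# Show which of those accounts are enabled and when each password was last
# set, to review them against the "strong passwords" consideration.
$localAdmins | ForEach-Object {
    $user = Get-LocalUser -SID $_.SID
    [pscustomobject]@{
        Account         = $user.Name
        Enabled         = $user.Enabled
        PasswordLastSet = $user.PasswordLastSet
    }
} | Format-Table -AutoSize
```

Run it on the SnapCenter Windows host before and after the change to record the state of the setting and of the accounts it affects.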