To secure your database, you must use Windows integrated security to restrict access to the VSS folders so that only authorized Windows users can access the database or run the VSS Administrator program.
The security of your VSS database is determined by the security of the folder that contains it. To implement the security described here for your VSS database, the database must be installed on an NT file system (NTFS), which is available on Windows NT 4.0, Windows 2000, Windows XP, and later. When a VSS database is installed on an NTFS volume, you can grant permissions for individual files and folders; the file allocation table (FAT) file system applies the same permissions to an entire share.
Restrict Share Permissions
When you create a shared database, it is strongly recommended that you use Windows Explorer to restrict sharing permissions for the VSS folders. You must remove the Everyone group that is added automatically when you share the VSS database folder. You can create two groups of Windows users – VSS administrators and VSS users – and grant each group appropriate permissions for the VSS database folder and the other VSS folders. Each VSS user must also be granted Read and Write permissions for the Users/username folder that corresponds to that user's VSS user name.
Manage Users
When you add or delete VSS users, you must not only use the user list in the VSS Administrator program to manage those users, but also add or remove their Windows share permissions.
