Macrium Reflect and best practices for file security
Regardless of your PC environment, leaving your backup definition files in an insecure location is bad practice. Securing your files takes minimal effort and doesn't impede day-to-day usage of Macrium Reflect.
What's the problem?
Backup definition (.xml) files are used to initiate backups, either interactively by using Macrium Reflect directly or as scheduled tasks using the Windows Task Scheduler. If you save your backup definitions to a publicly accessible folder, they can be edited by standard users and could potentially compromise your system. In addition, it's also possible to create batch files, either MS-DOS, PowerShell or VBScript, to automatically run during your backups as described here. A restricted user with bad intentions could easily create a batch file to run with elevated privileges when a scheduled or interactive backup runs.
The default, and recommended, location for your backup definitions is the folder 'C:\users\<USER NAME>\documents\reflect'. When Reflect runs for the first time, this folder is created and used as the default location when saving. See Backup Save Options for more information on how to save your definitions.
This folder is automatically restricted for standard users and can only be accessed by Administrators and the local SYSTEM account.
To see the assigned NTFS permissions, right-click on any folder, select 'Properties' and click the 'Security' tab:
In the above example of the default location only SYSTEM, Dev (the Macrium Reflect user) and the Administrators group can access files contained in the folder. Standard users are denied access and cannot modify or create files.
We strongly recommend that, if you are not using the default location, you ensure that NTFS permissions are used to prevent unauthorised modification and creation of files in your backup definition folders.
For more information on setting NTFS permissions on a folder or file please see Microsoft TechNet - How IT works NTFS Permissions
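The following PowerShell script is an added example, not part of the original article or Macrium's own tooling. It lists the Allow entries that let any account other than SYSTEM, the Administrators group or the user running it create, change or delete files in a definition folder. The default path, the assumption that the current user is the Reflect user, and the set of rights treated as write access are assumptions of the example.

```powershell
# Added example: report ACL entries that let untrusted accounts write to the
# backup definition folder.
param(
    # Default location named in the article; pass -Path for a custom folder.
    [string]$Path = (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Reflect')
)

# Well-known SIDs instead of names, so the check also works on localized Windows.
$trusted = @(
    'S-1-5-18',       # local SYSTEM account
    'S-1-5-32-544',   # BUILTIN\Administrators
    # Assumption: the account running this script is the Macrium Reflect user.
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
)

# Rights that allow creating, changing or replacing definitions and scripts.
$writeRights = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry raw GENERIC_WRITE / GENERIC_ALL bits instead.
$genericWrite = 0x40000000 -bor 0x10000000

$findings = foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $ace.IdentityReference.Value   # account could not be resolved
    }
    if ($trusted -contains $sid) { continue }
    if ([int]$ace.FileSystemRights -band ($writeRights -bor $genericWrite)) {
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "Accounts other than SYSTEM, Administrators and the current user can modify '$Path':"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write access for other accounts found on '$Path'."
}
```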
Note: A popular misconception is that backup definition files should be saved to the same folder as your backup files. This is incorrect. Backup definitions are only required to create backups and have no other purpose. They are not required for restore.