ADSM-L

Re: Problems with WinNT...

1997-09-07 15:20:21
Subject: Re: Problems with WinNT...
From: Daniel Thompson <thompsod AT USAA DOT COM>
Date: Sun, 7 Sep 1997 14:20:21 -0500
Gretchen,

  Below is a copy of the reply that I sent you earlier in the week.  I do
not believe that giving the 3 rights we have discussed will give you the
ability to have your non-admin users backup the registry.  I am basing this
opinion on experimentation.  If you are willing to give your users the 3
rights for incrementals, but still require a registry backup, then perhaps
some of the solutions listed below will be acceptable.  With your users
logged on when they kick off a backup you might simply wish to make a
script to use the AT command to schedule an incremental with registry
backup and also a backup of the registry files for the current user.  This
would require the scheduler service to be started and to be running with an
ID with administrative authority.  (The default system account works fine
at our installation).

Good luck,
  Dan T.

********************************************************************
Gretchen,

  To allow a user to backup and recover files using ADSM without granting
them admin authority they must have the following user rights.
  Backup Files
  Restore Files
  Manage Auditing and Security Logs

I got this from one of the readme files with the current PTF.  I tried it
and it does work, however the non-admin ID I granted this authority was not
able to backup the registry still.  The reason for this at our installation
is that we use a NT policy that prevents any non-admins from editing the
registry.  You may or may not still have this problem.

There is a work around, if you really desire a backup of the registry.
Grant your users the above rights and add backupreg NO to the options file.
 When they run their backups they will NOT backup the current registry.  In
order to get a reasonably current copy of the registry you can do 1 of
several things.
1) Run a daily script using either the NT or ADSM scheduler that runs a
DSMC REGBACK ENTIRE -password=xxxx command.  This will backup the registry
despite the BACKUPREG NO options.
2) Run a daily script using the NT scheduler that runs the REGBACK utility
to backup the registry to a location on the hard drive.  When your users
run their backups you will get that registry backup.

Let us know what you think of these options.

Good Luck,
  Dan T.

----------
> From: Gretchen L. Thiele <GRETCHEN%PUCC.BITNET AT VM.MARIST DOT EDU>
> From: Gretchen L. Thiele <GRETCHEN%PUCC.BITNET AT VM.MARIST DOT EDU>
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: ADSM errors on NT platforms
> Date: Wednesday, September 03, 1997 9:57 AM
>
> Using BACKUPREG NO in the options files allows the general (non-admin)
> user to initiate the backup, but each file is now a failure, resulting
> in an '(F) Access Denied' message in the backup window. Thanks for the
> suggestion, though.
>
> More on the problem - it is NOT an NTFS problem, since the user can copy
> files from other sources to the hard drive. The NTFS permissions are set
> so that there is global write authority.
>
> Gretchen L. Thiele
> Systems Programmer
> Princeton University CIT
> 87 Prospect Ave.
> Princeton, NJ 08544
>
> ----------------------------Original message----------------------------
>
>
> From: Peter Thomas@MANULIFE on 09/03/97 10:20 AM
> Wouldn;t the other option tehn be to have the options set so that the
suer
> didn;t do the backup regisrtry when they run ADSM?
>
> -    BACKUPREG NO in DSM.OPT
> or
> -    -BACKUPREG=NO on the command line

----------
> From: Gretchen L. Thiele <GRETCHEN%PUCC.BITNET AT VM.MARIST DOT EDU>
> From: Gretchen L. Thiele <GRETCHEN%PUCC.BITNET AT VM.MARIST DOT EDU>
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Problems with WinNT...
> Date: Friday, September 05, 1997 2:00 PM
>
> I'm still unable to make the now privileged 32-bit client back up
> the registry on the way to performing an incremental backup on
> demand. The readme says the following:
>
> *Be aware, however, that in order to backup/restore NTFS files
> *the account MUST posses the following User Rights:
> *
> *      - SeBackupName   (Backup Files)
> *      - SeRestoreName  (Restore Files)
> *      - SeSecurityName (Manage Auditing and Security Logs)
> *
> *Attempting to backup/restore NTFS files or the NT Registry without
> *these privileges will cause Access Denied error message to be displayed.
>
> I still get 'ANS7643E An error occurred saving the registry key'
> followed by 'ANS7641E Registry Backup failed' and finally,
> 'Active object not found.'
>
> I'm still at level 0.5 (and the readme is from level 0.5), but I
> suspect I'll still have the problem if I upgrade the client to 0.6.
>
> Does anyone know what I still need, without giving away admin rights?
> Thanks!
>
> Gretchen L. Thiele
> Systems Programmer
> Princeton University CIT
> 87 Prospect Ave.
> Princeton, NJ 08544
<Prev in Thread] Current Thread [Next in Thread>