ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Plea for ammo-

1999-10-07 18:56:18
Subject: Re: Plea for ammo-
From: Trevor Foley <Trevor.Foley AT BANKERSTRUST.COM DOT AU>
Date: Fri, 8 Oct 1999 08:56:18 +1000 
G'day,

I'll offer the opposite argument.

I am responsible for the ADSM servers at our site. There are over 200 NT 
servers at ADSM clients, and I don't have, need, or want, admin rights to them. 
The same applices to all of our Unix boxes.

We have a Unix support group and an NT support group. If there is a problem 
with the ADSM client configuration, it is their responsibility to fix it. Yes, 
there are times when I need to step in and help, but it is the client people 
who do the work, and are ultimately responsible for the ADSM client 
configuration.

Someone needs admin rights on the NT box to setup/support ADSM. But it doesn't 
have to be the ADSM server administrator.


regards,

Trevor

> -----Original Message-----
> From: Nathan King [mailto:nathan.king AT USAA DOT COM]
> Sent: Friday,8 October 1999 0:56
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: Plea for ammo-
>
>
> Lisa,
>
> I am with you on this. I believe that you do need Admin rights.
> A lot of the problem lies with the way that Microsoft has
> setup the security
> system on NT.
>
> Although you can do certain tasks being a Backup Operator or
> an Account
> Operator you really can't accomplish much unless you are an
> administrator.
>
> You can't run dsmcutil unless you are a member of the local
> admins group. I
> run dsmcutil two or three times a day here, sometimes even more.
>
> If you decided to logon at a command prompt interactively and
> try dsmc i, it
> will fail unless you are a member of local admins. This is
> because the user
> right "Manage Audit and Security logs" (which ADSM requires
> to backup the
> registry) is only given by default to the Administrators group.
>
> If you are not an administrator you will not be able to
> measure performance
> data. Again by default this is only given to administrators.
> So you can
> forget looking into performance problems.
>
> Sure you can create a group and assign it the appropriate
> user rights and
> make yourself a member, but in a large enterprise it just
> gets too messy.
> Besides that, user rights aren't comprehensive or definitive
> in all cases.
> For instance Administrators can perform certain activities
> regardless of
> their user right settings.
>
> My guess why your NT admin doesn't want to make you an
> administrator is not
> because he doesn't trust that you won't peruse confidential
> data - you're an
> ADSM admin - you can see all the data you want. He's probably
> worried that
> you could inadvertently break something, since administrators
> do have the
> ability to wreck havoc. Unfortunately you're in the
> predicament though that
> unless you're an administrator you won't be able to do your
> job. I don't
> know what the big deal is - if they've made you root on the
> AIX systems you
> already have the ability to destroy the Unix environment. If
> they trust you
> to manage a far more complex and less forgiving O/S such as
> Unix, then why
> can't they trust you with NT?
>
> Nathan
>
>
>
>
>
>
>
>
>
>
>
>
>
>         -----Original Message-----
>         From:   Lisa Cabanas [SMTP:CABANL AT MAIL.MODOT.STATE.MO DOT US]
>         Sent:   Thursday, October 07, 1999 8:43 AM
>         To:     ADSM-L AT VM.MARIST DOT EDU
>         Subject:        Plea for ammo-
>
>         I have just entered the world  of ADSM (been in this
> position six
> weeks), and I
>         am now embroiled in a holy war with my current
> supervisor over NT
> admin rights.
>         I have access to all of the data that we back up-- I
> am the ADSM
> admin- I hold
>         the key to the BIG DOOR, so you wouldn't think that
> this would be an
> issue (but
>         it is).  My supervisor thinks that I can do my job efficiently
> without having
>         admin rights on the NT server clients.  I have root
> to all the AIX
> ADSM servers.
>         Would you kind, experienced gurus, who have been in
> the real world
> (read-- NOT
>         state government) please provide me the ammunition to
> bolster my
> argument that I
>         should have admin access to the NT boxen?  The thing
> that really
> sucks is that
>         our manager has already told him I needed the access
> to do my job.
> That was
>         three weeks ago, and nothing has changed.  My frustration is
> reaching a level of
>         which I am unwilling to accept. And I am willing to push the
> envelope for a
>         short time, but I'll be looking for a new job
> *really* soon if I
> can't get this
>         resolved.
>
>         tia
>         lisa
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: 1 Schedule with different day's, Kelly J. Lipp
Next by Date:  Re: When will ADSM be ndmp compliant?, Steve Harris
Previous by Thread:  Re: Plea for ammo-, Prather, Wanda
Next by Thread:  Re: Plea for ammo-, Allen S. Rout
Indexes:  [Date] [Thread] [Top] [All Lists]