ADSM-L

Re: Windows 2003 Encryption

2006-10-06 13:09:44
Subject: Re: Windows 2003 Encryption
From: Roger Silva <rogsilva AT STANFORD DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 6 Oct 2006 10:08:41 -0700
Andrew,

I changed the parameters per you email and it worked.  Thank you very much.

I do, however, have one more question.  My client has asked me if there
is a way to export the EncryptKey but I have not found any documention
talking about this.  The reason for this I assume would be in case of a
system crash.  I know the EncryptKey is kept on both the client in the
registry and I believe on the server side as well.  If the system was to
crash, do you still only need the Encryption Password to restore the
data?  Would this be just as if you did not use the "SAVE" option and
instead you used the "PROMPT" option?


Thanks again for your info.

Roger



Andrew Raibeck wrote:

It isn't the encryption of one file that is the issue, it's the syntax of
the include.encrypt line. They way it currently reads:

Include.Encryption "D:\1TSMTEST\test spreadsheet.xls\...\*"

says to encrypt all files in the "D:\1TSMTEST\test spreadsheet.xls"
directory.

I also just noticed you said "include.encryption" instead of
"include.encrypt".

Try:

include.encrypt "d:\1tsmtest\test spreadsheet.xls"

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com

IBM Tivoli Storage Manager support web page:
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.

Roger Silva <rogsilva AT stanford DOT edu> wrote on 10/05/2006 02:11:36 PM:


Andy,

The main directory in D:\1TSMTEST, spreadsheet.xls is just a file within


that directory that we are trying to do a test encryption on.

Let me also state that the TSM Software is installed on the C: drive
along with all the other software, the D: drive is the Data drive and
only stores the data needed to be backed up.  Ultimately, the client
wants ALL-LOCAL drives  (C: and D:) Encrypted and backed up.

I will make the fix the my exclude.backup line.  Thanks.

I don't know if only encrypting one file is the issue or not?

Rog


Andrew Raibeck wrote:


Do you actually have a directory called "test spreadsheet.xls" ?

Probably not contributing to the issue, but your exclude.backup

statement

should be corrected to read:

exclude.backup *:\...\*

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com

IBM Tivoli Storage Manager support web page:
http://www.ibm.

com/software/sysmgmt/products/support/IBMTivoliStorageManager.html

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 10/05/2006
01:33:08 PM:



My client is running Windows 2003 client OS Version 5.02  and our TSM
server is 5.1.6.3

We are trying to use the TSM Encryption Options but we are running

into

some issues.

We have the Encryption lines in the dsm.opt file:

ENCRYPTIONTYPE   AES128
ENCRYPTKEY   SAVE

Exclude.Backup "*\...\...\*"
INCLUDE "D:\1TSMTEST\...\*"
Include.Encryption "D:\1TSMTEST\test spreadsheet.xls\...\*"

But when the client invokes a backup, it does not ask for the

encryption

password the first time.

Is this version of windows with the version of the TSM server we are
running not supported or is there some other fix needed in the dsm.opt

file?


Thanks,
Roger


P.S.  I have been successful with this exercise using Windows XP

client

OS version 5.01 and TSM Version 5.1.6.3