ADSM-L

Re: Windows 2003 Encryption

2006-10-10 10:39:32
Subject: Re: Windows 2003 Encryption
From: Andrew Raibeck <storman AT US.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 10 Oct 2006 08:38:14 -0600
No, you cannot just export/import the registry key.

See the README file for the 5.3.4.x clients and look for the bullet titled 
"ENCRYPTKEY SAVE requirements". Also look up APAR IC48782.

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com

IBM Tivoli Storage Manager support web page: 
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 10/08/2006 
08:44:35 PM:

> Thank you for the info.  I'll look into the MS regedit for 
> exporting/importing and see if the client wants to do this or if they 
> will just keep the password phrase used somewhere and just use that if 
> need be.
> 
> 
> 
> TSM_User wrote:
> 
> > To your question you only need the value you typed to generate the
> key the first time. You will be prompted to type it again and it 
> will then encrypt the key again and store it in the registry.
> > 
> >   Entries in the registry can be exported and then imported on 
> another server. Exporting the keys from the registry using the MS's 
> regedit on one system and then importing them somewhere else may 
> work but I think Andy may need to chime in on that.
> > 
> > Roger Silva <rogsilva AT STANFORD DOT EDU> wrote:
> >   Hi,
> > 
> > My client has asked me if there is a way to export the EncryptKey but 
I
> > have not found any documention talking about this. The reason for this
> > I assume would be in case of a system crash. I know the EncryptKey is
> > kept on both the client side in the registry and I believe on the 
server
> > side as well. If the system was to crash, do you still only need the
> > Encryption Password to restore the data? Would this be just as if you
> > did not use the "SAVE" option and instead you used the "PROMPT" 
option?
> > 
> > 
> > Thanks again for your info.
> > 
> > Roger
> > 
> > 
> > 
> > ---------------------------------
> > Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. 
> Great rates starting at 1¢/min.
> > 

<Prev in Thread] Current Thread [Next in Thread>