ADSM-L

Re: Windows 2003 Encryption

2006-10-12 16:41:31
Subject: Re: Windows 2003 Encryption
From: Andrew Raibeck <storman AT US.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 12 Oct 2006 14:39:22 -0600
In theory, yes, it should work. But this is not a scenario that we 
intended to support, so it hasn't been tested. You can try it and see how 
well it works, but at this time, I can not officially recommend it.

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com

IBM Tivoli Storage Manager support web page: 
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 10/11/2006 
07:47:27 PM:

> I read that APAR but it makes it sound like if the computer name is 
> the same then the key will work.  So if you exported the key and 
> then imported it on a server that you were recovering so the name 
> would be the same would it work then?  Or is more than the GUID or 
> something like that used which is unique above and beyond the computer 
name?
> 
> Andrew Raibeck <storman AT US.IBM DOT COM> wrote:   No, you cannot just 
> export/import the registry key.
> 
> See the README file for the 5.3.4.x clients and look for the bullet 
titled 
> "ENCRYPTKEY SAVE requirements". Also look up APAR IC48782.
> 
> Regards,
> 
> Andy
> 
> Andy Raibeck
> IBM Software Group
> Tivoli Storage Manager Client Development
> Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
> Internet e-mail: storman AT us.ibm DOT com
> 
> IBM Tivoli Storage Manager support web page: 
> http://www.ibm.
> com/software/sysmgmt/products/support/IBMTivoliStorageManager.html
> 
> The only dumb question is the one that goes unasked.
> The command line is your friend.
> "Good enough" is the enemy of excellence.
> 
> "ADSM: Dist Stor Manager" wrote on 10/08/2006 
> 08:44:35 PM:
> 
> > Thank you for the info. I'll look into the MS regedit for 
> > exporting/importing and see if the client wants to do this or if they 
> > will just keep the password phrase used somewhere and just use that if 

> > need be.
> > 
> > 
> > 
> > TSM_User wrote:
> > 
> > > To your question you only need the value you typed to generate the
> > key the first time. You will be prompted to type it again and it 
> > will then encrypt the key again and store it in the registry.
> > > 
> > > Entries in the registry can be exported and then imported on 
> > another server. Exporting the keys from the registry using the MS's 
> > regedit on one system and then importing them somewhere else may 
> > work but I think Andy may need to chime in on that.
> > > 
> > > Roger Silva wrote:
> > > Hi,
> > > 
> > > My client has asked me if there is a way to export the EncryptKey 
but 
> I
> > > have not found any documention talking about this. The reason for 
this
> > > I assume would be in case of a system crash. I know the EncryptKey 
is
> > > kept on both the client side in the registry and I believe on the 
> server
> > > side as well. If the system was to crash, do you still only need the
> > > Encryption Password to restore the data? Would this be just as if 
you
> > > did not use the "SAVE" option and instead you used the "PROMPT" 
> option?
> > > 
> > > 
> > > Thanks again for your info.
> > > 
> > > Roger
> > > 
> > > 
> > > 
> > > ---------------------------------
> > > Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. 
> > Great rates starting at 1¢/min.
> > > 
> 
> 
> 
> ---------------------------------
> Get your own web address for just $1.99/1st yr. We'll help. Yahoo! 
> Small Business.

<Prev in Thread] Current Thread [Next in Thread>