Our policy has been to lock admin accounts rather than remove them. Is
this viable for you?

On 07/08/10 05:10, Nick Laflamme wrote:

My current shop has a collective memory of "bad things happening" when old 
Admin userids are removed from TSM servers. Memories are a bit vague, and all of us have 
been doing TSM for a long time in a variety of shops, but the general anxiety is that 
removing the userids of admins who have moved on might break administrative schedules, 
copy groups, or some other key feature of TSM.

Now, of course, we have auditors breathing down our necks that we need to clean 
up and secure our servers. I can't say that I blame them, but there is this 
pesky collective memory to deal with. I looked in both the TSM 5.5 
administrative Guide and the Reference but didn't find any warnings about side 
effects of removing administrators.

So, my question to the collective wisdom of the group is,

Does anyone else remember bad side effects of removing admins in TSM, and if 
so, is there a corresponding clear memory of when this was fixed in ADSM/TSM, 
or is it still an issue?

(For my first pass, I have used the CHG_ADMIN column in several tables to find 
out who last updated several kinds of key system resources. If an admin isn't 
listed in any of those tables on a server, I've gone ahead and removed him or 
her.)

Thanks,
Nick

--
-- Skylar Thompson (skylar2 AT u.washington DOT edu)
-- Genome Sciences Department, System Administrator
-- Foege Building S048, (206)-685-7354
-- University of Washington School of Medicine