Hi All,
I am seeing the same kind of behaviour on a Windows 2012 cluster, which
from time to time backs-up the entire volume, without anything appently
being changed.
One of the answers I got was that there might be a group policy updating
security descriptors which triggers TSM to back them all up again.
Richard.
2013/10/11 Dwight Cook <cookde AT cox DOT net>
> What is happening when I click on "OK" when it prompts me if I want to give
> myself rights is, ~it~ is going into every file and folder and inserting my
> user id under the security tab of properties and explicitly giving me full
> control. Based on what our Intel Admins have told me, I made the
> assumption
> ~it~ was UAC because they told me it was UAC asking me if I want to
> continue
> with the operation (to simply view the folder) because I currently don't
> have explicit authority, I only have implied authority by my user id being
> an ~administrative~ id.
> There is another product within this environment, Zylab, which I'm clueless
> on but our local Intel Admins don't believe Zylab would be the cause.
> The situation is very easy to recreate... all I have to do is go out to a
> volume that I've never looked before (thus I won't have explicit permission
> to) and double click on it to open it... at that time ~something~ tells me
> I
> currently don't have rights do perform that operation and would I like to
> give myself rights (since my id is an administrative id I have the
> authority
> to do that) and I click "OK" and as I mentioned above, ~it~ goes in and
> inserts my user id explicitly on every file/folder thus "changing" it and
> tsm then backs it up next cycle.
> It is also the case that it behaves this way for any/all admins and in
> looking at the security tab I see a whole list of various admins explicitly
> listed.
> Could this be a configuration setting of UAC? (to make it put explicit
> permissions on the files)
>
> Dwight
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> Of
> Huebner, Andy
> Sent: Thursday, October 10, 2013 4:16 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: [ADSM-L] Win2008 with UAC and backing up files that really
> didn't change... kind'a
>
> I believe you have something else happening. If that option was changing
> the ACLs of millions of files you would be very aware of that happening.
> "administrative" rights are not unlike sudo in Unix, you are assuming the
> identity of a more powerful user.
>
> It is not uncommon for admins here to do what you describe without the
> results you describe.
>
> Andy Huebner
>
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> Of
> Dwight Cook
> Sent: Thursday, October 10, 2013 2:20 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: [ADSM-L] Win2008 with UAC and backing up files that really didn't
> change... kind'a
>
> OK, so I have a file server with 6 volumes each of 2.5 TB's and each with
> 1-2.5M files on them.
>
> Under Win2008 there is this ~funk~ called UAC such that an "administrative"
> id has effective permissions to everything but not really any direct
> permission.
>
> That is, if I go into this server and under explorer I click on the top
> directory on one of the volumes it says "you don't have rights to view
> this,
> do you want to grant yourself rights?" and when I click "OK" windows goes
> out and gives my userid direct permissions to all subfolders and files.
> BUT.
> that is a change to the permissions of every directory and file and next
> incr backup, TSM backs up everything. yes, sometimes 2.5M files at 2.5 TB's
> just because some admin clicked "OK" on giving themselves permission to
> view
> things at the top folder level.
>
>
>
> Is anyone else seeing this?
>
>
>
> Dwight
>
|
