Hello all.
I'm currently trying to work out the security implications and set up for TSM
on the windows platform.
We are going to install 20 or so major TSM servers and 50 or more minor ones.
The organization is best characterized as a loose confederation of warring
tribes, with each of the 20 major sites having a semi autonomous IT
function, and each wants to protect it turf.
So, the people in the biggest datacentre, who will provide TSM 3rd level
support, are insisting the the windows servers in the field are locked down and
completely managed from a central point.
The regional people are expecting to have admin rights on the windows servers.
Now we are talking Windows 2003 Standard edition here. The central guys would
have us use AD and the regional guys would have us use NDS.
The TSM policies and security will be distributed from a central TSM management
server, so that's not the issue.
Thanks for listening so far. What I would like to know is - what rights over
the Windows box do you give to your local administrators if any? What is the
impact of them having no rights whatever on the server? (the only thing I've
been able to find is the ability to label tapes which either needs TSM "system"
level access or can be run as a utility from the local machine). How do NDS
shops deal with the leakage of windows admin rights to multiple people?
Many thanks.
Steve
Steve Harris
TSM Admin
Queensland Health, Brisbane Australia
***********************************************************************************
This email, including any attachments sent with it, is confidential and for the
sole use of the intended recipient(s). This confidentiality is not waived or
lost, if you receive it and you are not the intended recipient(s), or if it is
transmitted/received in error.
Any unauthorised use, alteration, disclosure, distribution or review of this
email is prohibited. It may be subject to a statutory duty of confidentiality
if it relates to health service matters.
If you are not the intended recipient(s), or if you have received this email in
error, you are asked to immediately notify the sender by telephone or by return
email. You should also delete this email and destroy any hard copies produced.
***********************************************************************************
|