Re: Windows 2003 Encryption
2006-10-12 16:41:31
In theory, yes, it should work. But this is not a scenario that we
intended to support, so it hasn't been tested. You can try it and see how
well it works, but at this time, I can not officially recommend it.
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com
IBM Tivoli Storage Manager support web page:
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 10/11/2006
07:47:27 PM:
> I read that APAR but it makes it sound like if the computer name is
> the same then the key will work. So if you exported the key and
> then imported it on a server that you were recovering so the name
> would be the same would it work then? Or is more than the GUID or
> something like that used which is unique above and beyond the computer
name?
>
> Andrew Raibeck <storman AT US.IBM DOT COM> wrote: No, you cannot just
> export/import the registry key.
>
> See the README file for the 5.3.4.x clients and look for the bullet
titled
> "ENCRYPTKEY SAVE requirements". Also look up APAR IC48782.
>
> Regards,
>
> Andy
>
> Andy Raibeck
> IBM Software Group
> Tivoli Storage Manager Client Development
> Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
> Internet e-mail: storman AT us.ibm DOT com
>
> IBM Tivoli Storage Manager support web page:
> http://www.ibm.
> com/software/sysmgmt/products/support/IBMTivoliStorageManager.html
>
> The only dumb question is the one that goes unasked.
> The command line is your friend.
> "Good enough" is the enemy of excellence.
>
> "ADSM: Dist Stor Manager" wrote on 10/08/2006
> 08:44:35 PM:
>
> > Thank you for the info. I'll look into the MS regedit for
> > exporting/importing and see if the client wants to do this or if they
> > will just keep the password phrase used somewhere and just use that if
> > need be.
> >
> >
> >
> > TSM_User wrote:
> >
> > > To your question you only need the value you typed to generate the
> > key the first time. You will be prompted to type it again and it
> > will then encrypt the key again and store it in the registry.
> > >
> > > Entries in the registry can be exported and then imported on
> > another server. Exporting the keys from the registry using the MS's
> > regedit on one system and then importing them somewhere else may
> > work but I think Andy may need to chime in on that.
> > >
> > > Roger Silva wrote:
> > > Hi,
> > >
> > > My client has asked me if there is a way to export the EncryptKey
but
> I
> > > have not found any documention talking about this. The reason for
this
> > > I assume would be in case of a system crash. I know the EncryptKey
is
> > > kept on both the client side in the registry and I believe on the
> server
> > > side as well. If the system was to crash, do you still only need the
> > > Encryption Password to restore the data? Would this be just as if
you
> > > did not use the "SAVE" option and instead you used the "PROMPT"
> option?
> > >
> > >
> > > Thanks again for your info.
> > >
> > > Roger
> > >
> > >
> > >
> > > ---------------------------------
> > > Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.
> > Great rates starting at 1¢/min.
> > >
>
>
>
> ---------------------------------
> Get your own web address for just $1.99/1st yr. We'll help. Yahoo!
> Small Business.
|
|
|