Environment
W2K3 SP2 with NBU 6.5.3
We have modified the bp.conf, auth.conf
I know NBAC can archive the objective.
But I don't want to introduce another component into NetBackup, which is NBAC.
We just want very very simple kind of Operator access via NB-Java GUI.
Would like to share with u what we have done to limit the Operator Access.
First, we created an Operator Account on the NetBackup Server 2003, just given
the "User" right.
Then edit the Operator Account and disable the "RDP".
Then using Policy editor to add "Operator" into "Deny Local Logon" policy.
So, that archive our objective of "Operator" account is NOT able to RDP and
logon locally into the NetBackup Server.
Operator only can use NB-Java GUI to access NetBackup via another PC
But it doesn't work as what we though.
First, without "Administrator" right to be given to Operator Account, it does
not able to manage the media at all, for instance like robot inventory,
importing/exporting tapes, of course we have given the MM to Operator via
auth.conf
Then we have to give Operator account the "Administrator" right. But it still
doesn't work as what we though.
With the policy "Deny Local Logon = Operator", the NB-Java GUI NOT allow
Operator to logon from PC
We are in the dilemman and can not figure out is there any configuration we can
do just to archive our simple objective.
Again, in short our very simple objective
"To allow Operator Account to access NetBackup via NB-Java GUI from a PC
without RDP and can NOT physically logon to the machine locally."
Hope u could shed some light if just some simple configuration to be done
without introducing other components.
Thanks
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|