security on baclient

C

cisse

ADSM.ORG Member
Joined
Mar 22, 2006
Messages
39
Reaction score
0
Points
0
hello,

We don't want that everybody who can logon to a client also is able to start the baclient pgm and start performing restores , retrieves or maling backups. Is there a possibility to avoid this? Or the baclient may be started but then a userid/passwd defined in TSM is asked.

we have different tsm server and client versions but i don't think this is version related.

thanks for any help
 
Hi,

NTFS permissions are not enough?
What you can do is to use "passwordaccess prompt" in your dsm.opt file, but in that case you may not be able to perform scheduled backups (run your scheduler service).

Harry
 
thanks for your reaction

do you mean by ntfs permissions the windows security?
For soxs reasons nobody else then the tsm admins and helpdesk for some user data restores may perform the restores. So everyone who has access to a client can startup the baclient and launch restores.
passwordaccess prompt : we use tsm schedules so we can't put it in the opt file
 
Hi,

I meant only administrator (and members of defined group) can have Read/Execute permission for the dsm.exe and dsmc.exe.

Another thing you may consider is to use webclient for helpdesk restores - in that way they only need TSM user and password and do not need windows account (access to the server) at all.

Harry
 
helpdesk : indeed we use that already they don't have to access the client
administrator : that's correct but we don't want them to have access to dsm.exe and dsmc.exe They may have access but when they receive the view (backup-restore and archive-retrieve) they have to provide a userid (known in tsm) and passwd before they can get further in this pgm. They won't because they don't have a user in TSM.
 
Hi,

if you use scheduled backups (and therefore have your password saved - in encrypted file or in the registry) then you are newer asked for TSM password when running the dsm.exe or dsmc.exe programs. So OS security is the only thing left.

Read this - maybe you can find what are you looking for
http://www.redbooks.ibm.com/redbooks/pdfs/sg247505.pdf

Harry
 
thanks i hoped for a tsm solution now i have to talk with our os team.

have a nice day and thank you for the quick reactions
 
You must log in or register to reply here.

Data Privacy Impact Assessment

Compliance Assurance in Every Byte: Discover the Impact of Our DPIA Services.

Sponsor ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

Navigation Menu

Forums
   IBM TSM
   EMC Backup and Recovery
   Symantec NetBackup  
   SAN  
   NAS
   Platforms / OS
Mailing List Archives
   ADSM-L
User Groups

NordVPN 3 Months FREE

Help Support ADSM.ORG and Get NordVPN with 64% Off and 3 Months FREE.

NordVPN with 64% off + 3 months FREE

Forum statistics

Threads
31,971
Messages
135,441
Members
21,949
Latest member
tsheli
Back
Top