Strong admin password enforcement and other security questions

[Eisen]

I've got a security-related TSM question...



Any way to enforce 'strong' administrator passwords, or new passwords (i.e. disallow re-used passwords for 12 months) within TSM itself? Any plans to support this in upcoming versions? Currently running 5.2, will be upgrading to 5.3 and using the ISC in the next few months.



Thanks

 

[moon-buddy]

Have not seen any native TSM implementation of strong passwords other than having a minimum password length and expiration period.

ISC may offer what you are looking for but I don't use ISC because it is too slow for my needs.

 

[Zoleeadmin]

Hello everybody,

I have a question for you, I'm not sure if this question is right in this topic, please excuse me if not.

The question is:

-[FONT=&quot] [/FONT]which impact could we have on the backups if we remove the Domain User account from the Backup Operator group under the Administrators group on the users PC’s?

Thank You for any answer.
Ciao,
Zolee

 

[moon-buddy]

From a TSM perspective, nothing.

Unless you are using Windows NT backup/restore via a Domain Backup account to backup PCs, nothing.

 

[Eldoraan]

Re: EIsen,

We have an outstanding DCR (design change request) to TSM to allow authorization to external account manager and/or stronger internal account controls. The only feedback we've had is they *may* do something like that in the 6.x branch, but nothing concrete.