Windows audit feature

swamp2k

ADSM.ORG Member
#1
Hi,
I have a Windows server on which the owner would like to activate Windows file auditing; however, when he does, it also triggers a new full backup. So apparently some file and folder attributes change.
Anyone know if there is a way around this? I'm afraid I don't quite know which attributes change in the file.

I'd like to let him use the audit feature, but triggering a full backup is a rather nasty side effect.
 

marclant

ADSM.ORG Moderator
#2
The Spectrum Protect client looks at several things to see if a file has changed or not.

Changes include any of the following:
  • File size
  • Date or time of last modification
  • Extended Attributes
  • Access Control List
  • Sparse, reparse point or encrypted file attributes.
  • NTFS file security descriptors. These are the Owner Security Identifier (SID), Group SID, Discretionary Access Control List (ACL), and System ACL.
source: https://www.ibm.com/support/knowled...0/com.ibm.itsm.client.doc/c_bac_fullpart.html

The Auditing falls under the System ACL.



So if this changes, the file is backed up because those attributes are part of the file, not separate from the file. Because it changed, the whole file is backed up so that if you ever have to restore those files, they will be restored with their current SACL.
 

swamp2k

ADSM.ORG Member
#4
Very nice. So I guess the big question is, what - if anything - can I do about it?
Since the ACL is an integral part of the file, maybe there isn't much to do. Or is there an option I haven't found that ignores that part of file checking?
 

marclant

ADSM.ORG Moderator
#5
There is, but in 99.9% of cases, not recommended. You could use the client option "Skipntpermissions yes"

However, if you use that option, file permissions are NOT backed up. Therefore if you restore the filesystem, all files and directories will be restored WITHOUT permissions and you or someone will have to manually go and set file permissions on the entire directory structure.

If you already enabled auditing, it's best to just bite the bullet and let it back up all files that have auditing enabled.

If you have not enabled auditing yet, maybe consider doing it for more critical directories instead of the entire filesystem.
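
Added example (not part of any post in this thread and not IBM tooling): a PowerShell sketch for measuring how many files, and how much data, pick up a changed System ACL when auditing is enabled on a directory, which is what the thread says makes the client back the files up again. `$Root` and `$Baseline` are hypothetical parameter names; the script assumes an elevated session, because reading SACLs with `Get-Acl -Audit` requires the "Manage auditing and security log" right.

```powershell
# Added example: run once BEFORE enabling auditing (writes a baseline),
# then again AFTER enabling it (reports files whose SACL changed).
param(
    [Parameter(Mandatory)][string]$Root,                  # directory to be audited (hypothetical name)
    [string]$Baseline = "$env:TEMP\sacl-baseline.csv"     # baseline file (hypothetical location)
)

function Get-SaclSnapshot([string]$Path) {
    # One record per file: path, size, and only the SACL ("S:...") part of the
    # security descriptor in SDDL form, so DACL/owner changes are not counted.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $acl = Get-Acl -LiteralPath $_.FullName -Audit
            [pscustomobject]@{
                Path   = $_.FullName
                Length = $_.Length
                Sacl   = $acl.GetSecurityDescriptorSddlForm('Audit')
            }
        }
}

if (-not (Test-Path -LiteralPath $Baseline)) {
    Get-SaclSnapshot $Root | Export-Csv -LiteralPath $Baseline -NoTypeInformation
    "Baseline written to $Baseline. Enable auditing, then run this script again."
    return
}

# Load the baseline into a lookup table keyed by file path.
$before = @{}
Import-Csv -LiteralPath $Baseline | ForEach-Object { $before[$_.Path] = $_.Sacl }

# Files present in both snapshots whose SACL string differs.
$changed = @(Get-SaclSnapshot $Root |
    Where-Object { $before.ContainsKey($_.Path) -and $before[$_.Path] -ne $_.Sacl })

$bytes = ($changed | Measure-Object -Property Length -Sum).Sum
"{0} file(s) have a changed SACL; {1:N2} GiB would be sent again on the next incremental backup." -f `
    $changed.Count, ($bytes / 1GB)

# Largest contributors first, to help decide which directories are worth auditing.
$changed | Sort-Object Length -Descending | Select-Object -First 10 Path, Length
```

Running it against a small test directory first shows how far an inherited audit entry propagates before auditing is applied to a whole filesystem.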
 
