ADSM-L

Windows NT Security

1998-08-13 10:53:07
Subject: Windows NT Security
From: Pete Tanenhaus <tanenhau AT US.IBM DOT COM>
Date: Thu, 13 Aug 1998 10:53:07 -0400
The user rights/privileges mentioned in the readme file are required for
backing up and restoring NTFS security descriptors and the registry.

Every NTFS object has four security descriptors.

Two are security identifiers or SID's, which identify the primary account
(owner SID) and group owner (GROUP SID) of the object.

The other two are access control lists or ACL's, which describe how an object
may be accessed or audited.

A discretionary ACL describes how an NTFS object may be accessed (read, write,
etc.) and by whom (what accounts or groups).

A system ACL describes how an NTFS object is audited.

The first three types of security descriptors may be accessed by an owning
account/group regardless of privilege level.

They may be accessed by a non-owning account/group which has the Backup/Restore
files user rights.

System ACL's may only be accessed by accounts/groups which have the Manage
Auditing and Security Log user right regardless of ownership.

The scheduler service normally runs as the local system account, which by
default has all of the above user rights.

The local system account does not, however, have any type of domain authority,
so if domain resources (network drives) need to be accessed by the scheduler,
the service must be logged on as a domain authorised account (which must have
the above three user rights).

Hope this helps answer your questions ....


Pete Tanenhaus
ADSM Client Development

---------------------- Forwarded by Pete Tanenhaus/San Jose/IBM on 08/13/98 10:22 AM ---------------------------


ADSM-L AT VM.MARIST DOT EDU on 08/13/98 06:26:59 AM
Please respond to ADSM-L AT VM.MARIST DOT EDU
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Windows NT Security


Not being real familiar with Windows NT Security I was wondering if someone
could answer a question for me about NT security as it relates to ADSM.  In
the ADSM README files for the backup client it says the NT user must have
rights to backup files, restore files, and manage audit and security logs.
I assume that means they must have a Backup Operators designation in NT
security?  The 2nd issue is the ADSM scheduling service.  Our NT person
here asked what NT user id the DSMC SCHED task for ADSM uses.  Can someone
tell me what security needs to be in place for users and the ADSM
scheduler?

Thanks,
Jeff Connor
Niagara Mohawk Power
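
The check below is an added example for a current Windows system, not part of the original thread or of ADSM: it reports whether the account running it holds the three user rights discussed above, then reads the owner, group and DACL of one NTFS object and attempts the SACL. The `Se*` privilege constants are the standard token names for those rights; `Test-BackupRights` and the use of `%SystemRoot%` as the sample object are assumptions made for illustration.

```powershell
# Added example. Run it as the account the scheduler service logs on as.
# Privilege constant in the access token -> user-right display name.
$required = [ordered]@{
    SeBackupPrivilege   = 'Back up files and directories'
    SeRestorePrivilege  = 'Restore files and directories'
    SeSecurityPrivilege = 'Manage auditing and security log'
}

# Test-BackupRights is a hypothetical helper name, not an ADSM or Windows command.
function Test-BackupRights {
    param([object[]]$TokenPrivileges, [System.Collections.IDictionary]$Required)
    foreach ($name in $Required.Keys) {
        $row = $TokenPrivileges | Where-Object { $_.Name -eq $name } | Select-Object -First 1
        [pscustomobject]@{
            Privilege = $name
            UserRight = $Required[$name]
            Held      = [bool]$row
            # "Disabled" still counts as held: a backup client enables the
            # privilege at run time. Only an absent row means the right is missing.
            State     = if ($row) { $row.State } else { '(not in token)' }
        }
    }
}

# /nh drops the localized header row so the columns can be named here.
$token  = whoami.exe /priv /fo csv /nh | ConvertFrom-Csv -Header Name, Description, State
$report = Test-BackupRights -TokenPrivileges $token -Required $required
$report | Format-Table -AutoSize

# Owner, group and DACL versus the SACL, on one NTFS object.
$path = $env:SystemRoot
$acl  = Get-Acl -LiteralPath $path
'Owner: {0}  Group: {1}  DACL entries: {2}' -f $acl.Owner, $acl.Group, $acl.Access.Count
try {
    # -Audit requests the SACL as well, which needs SeSecurityPrivilege.
    $sacl = Get-Acl -LiteralPath $path -Audit -ErrorAction Stop
    'SACL entries: {0}' -f @($sacl.Audit).Count
} catch {
    'SACL not readable: {0}' -f $_.Exception.Message
}

$missing = @($report | Where-Object { -not $_.Held })
if ($missing.Count) {
    Write-Warning ('Missing rights: ' + ($missing.UserRight -join ', '))
}
```

On systems with User Account Control, an administrator's non-elevated session carries a filtered token, so run the check elevated or under the service's own logon to see the rights the scheduler will actually have.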


