ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Restoring NT file security settings

2003-09-05 08:34:57
Subject: Re: Restoring NT file security settings
From: Zlatko Krastev <acit AT ATTGLOBAL DOT NET>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 5 Sep 2003 15:32:13 +0300 
Are you sure TSM is not indeed restoring everything but the result is
useless itself? Some arguments:
"Security" in Windows NTFS is having three modes - inherited, explicitly
specified and mixed permissions. In first mode the only security info is
"provide same access as the parent directory is providing". In second mode
there is a list of users along with set of allowed operations. In third
mode you have both - access inherited from the parent plus some explicitly
specified additions/deletions/changes to the ACL.
So what TSM will do in each case:
Mode 1: TSM will restore the "checkmarked" inheritance. It *will not*
restore parent's ACL, or the ACL of the parent's parent, ... up to the
origin of the inherited ACL. As result you have resolved ability to
inherit but not *what* to inherit.
Mode 2: that is what you probably desire. TSM will restore "no
inheritance" mode and list of defined privileges.
Mode 3: both "inheritance" mode and the explicit access will be restored.
As result the explicitly defined entities will have their access intact
but the other are left to the mercy of ACL inherited from the parent
directory.

If the whole drive is restored simultaneously, the file/directory specific
ACL elements are restored together their parents' ones. As result
inherited ACL in mode 1&3 is producing the same mixture.
Hope this ought to explain why sometimes you see the ACL "restored",
sometimes "not restored" and sometimes "partially restored".

Zlatko Krastev
IT Consultant






"Adams, Matt (US - Hermitage)" <maadams AT DELOITTE DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
30.06.2003 21:31
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        Restoring NT file security settings


We are facing a similar situation as below.  If we restore a directory to
its original location, it doesn't seem to over write the NTFS permissions
of
the directory we are restoring.  This is what we want.  If we restore a
directory to some place other than the original location, it is inheriting
the permissions of the parent directory of where it is being restore. So
we
can't see what permissions for that directory should look like.

Client 5.1.5.9 - W2K server
TSM Server 5.1.6.2 - AIX 5.1

Suggestions??

Matt

...
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: Restoring NT file security settings, Zlatko Krastev <=
Previous by Date:  Re: Configuration question, Zlatko Krastev
Next by Date:  trying to use the TDP for mail GUI (Domino) thru Terminal service, Lisa Laughlin
Previous by Thread:  files ---- which, Lopez Janeth
Next by Thread:  trying to use the TDP for mail GUI (Domino) thru Terminal service, Lisa Laughlin
Indexes:  [Date] [Thread] [Top] [All Lists]