ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Windows rights

2004-11-24 04:22:25
Subject: Windows rights
From: Steve Harris <Steve_Harris AT HEALTH.QLD.GOV DOT AU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 24 Nov 2004 15:38:30 +1000 
Hello  all.

I'm currently trying to work out the security implications and set up for TSM 
on the windows platform.

We are going to install 20 or so major TSM servers and 50 or more minor ones.  
The organization is best characterized as a loose confederation of warring 
tribes, with each of the 20 major sites having a semi autonomous IT 
function, and each wants to protect it turf.

So, the people in the biggest datacentre, who will provide TSM 3rd level 
support, are insisting the the windows servers in the field are locked down and 
completely managed from a central point.  

The regional people are expecting to have admin rights on the windows servers.

Now we are talking Windows 2003 Standard edition here.  The central guys would 
have us use AD and the regional guys would have us use NDS.

The TSM policies and security will be distributed from a central TSM management 
server, so that's not the issue. 

Thanks for listening so far.  What I would like to know is - what rights over 
the Windows box do you give to your local administrators if any?  What is the 
impact of them having no rights whatever on the server? (the only thing I've 
been able to find is the ability to label tapes which either needs TSM "system" 
level access or can  be run as a utility from the local machine).  How do NDS 
shops deal with the leakage of windows admin rights to multiple people?

Many thanks.

Steve


Steve Harris 
TSM Admin
Queensland Health, Brisbane Australia





     



***********************************************************************************
This email, including any attachments sent with it, is confidential and for the 
sole use of the intended recipient(s).  This confidentiality is not waived or 
lost, if you receive it and you are not the intended recipient(s), or if it is 
transmitted/received in error.

Any unauthorised use, alteration, disclosure, distribution or review of this 
email is prohibited.  It may be subject to a statutory duty of confidentiality 
if it relates to health service matters.

If you are not the intended recipient(s), or if you have received this email in 
error, you are asked to immediately notify the sender by telephone or by return 
email.  You should also delete this email and destroy any hard copies produced.
***********************************************************************************
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Windows rights, Steve Harris <=
Previous by Date:  EXPORT TO SERVER - wont, Zoltan Forray/AC/VCU
Next by Date:  Why is %Migr higher than %Util?, Steve Schaub
Previous by Thread:  EXPORT TO SERVER - wont, Zoltan Forray/AC/VCU
Next by Thread:  Why is %Migr higher than %Util?, Steve Schaub
Indexes:  [Date] [Thread] [Top] [All Lists]