Re: [ADSM-L] TDP for SQL and UAC
2017-06-02 08:24:33
Hi Steve,
Assuming the user running the DP/SQL client has local administrator
authority, the customer can disable UAC prompts only for administrators as
described here:
http://tweaks.com/windows/39115/disable-user-account-control-uac-only-for-administrators/
Alternatively, it is possible to disable UAC only for specific programs as
described here:
http://www.winhelponline.com/blog/run-programs-elevated-without-getting-the-uac-prompt/
and here:
https://www.youtube.com/watch?v=_WcWJlm_O_k
Del
----------------------------------------------------
"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 06/01/2017
07:59:52 PM:
> From: "Harris, Steven" <steven.harris AT BTFINANCIALGROUP DOT COM>
> To: ADSM-L AT VM.MARIST DOT EDU
> Date: 06/01/2017 08:01 PM
> Subject: TDP for SQL and UAC
> Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>
> Hi All
>
> I've got a bit of a show-stopper here that I could use some help with.
>
> Previously, SQL backups have been mostly handled by dump to disk
> and backup with BA Client. Database sizes have grown over time and
> now we cannot get through the whole dump/backup cycle in a
> reasonable window, so we have been pushing to get TDP used as the
> standard backup mechanism for SQL. There are a couple of issues
> with this ; I'll be submitting an RFE for one of them shortly
> however the big one is to do with security.
>
> The TDP for SQL backup is to be run using the control-m scheduling
> tool as the backup has to run at a particular point in the
> processing cycle (also for restores as we can't afford to have a
> large restore fail because someone's RDP session timed out) . It
> must use a domain account, nothing else is permissible. When doing
> this we get a windows UAC pop-up. Again we are not permitted to
> turn off UAC.. don't worry about how reasonable that is, IT
> Security and Auditors don't cope well with arguments about
> 'reasonable' or 'low risk' it's all black and white.
>
> So, has anyone else solved this issue: run a TDP backup from a
> domain account and somehow bypass the UAC prompt without turning it
> off in a blanket fashion?
>
> Any and all suggestions gratefully received.
>
> Steve
>
> Steven Harris
> TSM Admin/Consultant
> Canberra Australia
>
> This message and any attachment is confidential and may be
> privileged or otherwise protected from disclosure. You should
> immediately delete the message if you are not the intended
> recipient. If you have received this email by mistake please delete
> it from your system; you should not copy the message or disclose its
> content to anyone.
>
> This electronic communication may contain general financial product
> advice but should not be relied upon or construed as a
> recommendation of any financial product. The information has been
> prepared without taking into account your objectives, financial
> situation or needs. You should consider the Product Disclosure
> Statement relating to the financial product and consult your
> financial adviser before making a decision about whether to acquire,
> hold or dispose of a financial product.
>
> For further details on the financial product please go to
http://www.bt.com.au
>
> Past performance is not a reliable indicator of future performance.
>
|
ADSM.ORG Privacy and Data Security by KimLaw, PLLC
|