Are you executing tdp with "runas" in the script or is control-m agent service
logged on as the desired domain account?
Thanks,
-Shawn
On Jun 1, 2017, 8:05 PM -0400, Harris, Steven <steven.harris AT
btfinancialgroup DOT com>, wrote:
> Hi All
>
> I've got a bit of a show-stopper here that I could use some help with.
>
> Previously, SQL backups have been mostly handled by dump to disk and backup
> with BA Client. Database sizes have grown over time and now we cannot get
> through the whole dump/backup cycle in a reasonable window, so we have been
> pushing to get TDP used as the standard backup mechanism for SQL. There are a
> couple of issues with this ; I'll be submitting an RFE for one of them
> shortly however the big one is to do with security.
>
> The TDP for SQL backup is to be run using the control-m scheduling tool as
> the backup has to run at a particular point in the processing cycle (also for
> restores as we can't afford to have a large restore fail because someone's
> RDP session timed out) . It must use a domain account, nothing else is
> permissible. When doing this we get a windows UAC pop-up. Again we are not
> permitted to turn off UAC.. don't worry about how reasonable that is, IT
> Security and Auditors don't cope well with arguments about 'reasonable' or
> 'low risk' it's all black and white.
>
> So, has anyone else solved this issue: run a TDP backup from a domain account
> and somehow bypass the UAC prompt without turning it off in a blanket fashion?
>
> Any and all suggestions gratefully received.
>
> Steve
>
> Steven Harris
> TSM Admin/Consultant
> Canberra Australia
>
> This message and any attachment is confidential and may be privileged or
> otherwise protected from disclosure. You should immediately delete the
> message if you are not the intended recipient. If you have received this
> email by mistake please delete it from your system; you should not copy the
> message or disclose its content to anyone.
>
> This electronic communication may contain general financial product advice
> but should not be relied upon or construed as a recommendation of any
> financial product. The information has been prepared without taking into
> account your objectives, financial situation or needs. You should consider
> the Product Disclosure Statement relating to the financial product and
> consult your financial adviser before making a decision about whether to
> acquire, hold or dispose of a financial product.
>
> For further details on the financial product please go to http://www.bt.com.au
>
> Past performance is not a reliable indicator of future performance.
|