ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] TDP for SQL and UAC

2017-06-02 10:53:21
Subject: Re: [ADSM-L] TDP for SQL and UAC
From: Shawn Drew <shawndo AT GMAIL DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 2 Jun 2017 10:49:24 -0400 
Are you executing tdp with "runas" in the script or is control-m agent service 
logged on as the desired domain account?

Thanks,
-Shawn

On Jun 1, 2017, 8:05 PM -0400, Harris, Steven <steven.harris AT 
btfinancialgroup DOT com>, wrote:
> Hi All
>
> I've got a bit of a show-stopper here that I could use some help with.
>
> Previously, SQL backups have been mostly handled by dump to disk and backup 
> with BA Client. Database sizes have grown over time and now we cannot get 
> through the whole dump/backup cycle in a reasonable window, so we have been 
> pushing to get TDP used as the standard backup mechanism for SQL. There are a 
> couple of issues with this ; I'll be submitting an RFE for one of them 
> shortly however the big one is to do with security.
>
> The TDP for SQL backup is to be run using the control-m scheduling tool as 
> the backup has to run at a particular point in the processing cycle (also for 
> restores as we can't afford to have a large restore fail because someone's 
> RDP session timed out) . It must use a domain account, nothing else is 
> permissible. When doing this we get a windows UAC pop-up. Again we are not 
> permitted to turn off UAC.. don't worry about how reasonable that is, IT 
> Security and Auditors don't cope well with arguments about 'reasonable' or 
> 'low risk' it's all black and white.
>
> So, has anyone else solved this issue: run a TDP backup from a domain account 
> and somehow bypass the UAC prompt without turning it off in a blanket fashion?
>
> Any and all suggestions gratefully received.
>
> Steve
>
> Steven Harris
> TSM Admin/Consultant
> Canberra Australia
>
> This message and any attachment is confidential and may be privileged or 
> otherwise protected from disclosure. You should immediately delete the 
> message if you are not the intended recipient. If you have received this 
> email by mistake please delete it from your system; you should not copy the 
> message or disclose its content to anyone.
>
> This electronic communication may contain general financial product advice 
> but should not be relied upon or construed as a recommendation of any 
> financial product. The information has been prepared without taking into 
> account your objectives, financial situation or needs. You should consider 
> the Product Disclosure Statement relating to the financial product and 
> consult your financial adviser before making a decision about whether to 
> acquire, hold or dispose of a financial product.
>
> For further details on the financial product please go to http://www.bt.com.au
>
> Past performance is not a reliable indicator of future performance.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] Tables in TSM database, Jeannie Bruno
Next by Date:  Re: [ADSM-L] Tables in TSM database, Jeannie Bruno
Previous by Thread:  Re: [ADSM-L] TDP for SQL and UAC, Del Hoobler
Next by Thread:  [ADSM-L] Open File Support and CIFS/DFS shares/mounts, Zoltan Forray
Indexes:  [Date] [Thread] [Top] [All Lists]
ADSM.ORG Privacy and Data Security by KimLaw, PLLC