Tivoli is not secure. If you care about security do not put it (even agents) on your domain controllers. Period.
Whomever manages Tivoli, will own your forest the moment you add it to a DC. This goes for any application that runs as localsystem on the DC and is "controlled" by someone else other than the enterprise admins. Tivoli has the ability to copy down anything it wants and then run it on the machine. My recommendation would be to fire up MOM or some other management system that has the capability to "feed" info back into the Tivoli framework. This management system would be entirely owned and run by the enterprise admins. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, June 01, 2004 8:47 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD? Looking for some guidance / help... Our Enterprise Systems Management Group is in the process or rolling out Tivoli to all locations. It doesn't seem logical or best practice, to me, to put such an application on a Windows 2003 DC. When testing TMF 4.1 components on a test Windows 2003 DC, I had extreme difficulty getting it to work. I inquired about this recently and was told that the problem was most likely security and that the security for the entire domain would have to be greatly relaxed to support a Tivoli Gateway installation on a Windows 2003 domain controller, not to mention the gaping security hole opened by this installation. I was also informed that installing Tivoli Gateway or other managed node components on a Windows 2003 domain controller was not best practice and correspondingly should be avoided if possible. Has anyone else attempted or run into this scenario? TIA Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
