Ditto. And you betcha, your auditors are gonna scream!
Set PASSWORDACCESS GENERATE on the client, and PASSWORD EXPIRATION LIMIT to n days on the server (you can set 1 default, and override on an individual client basis if needed). Our limit is set to 90 per auditors. You must supply the password to the client the FIRST TIME the client is started. It gets encrypted and saved on the client end. (In the registry for Windows, into a root-only dir on *IX). Whenever the TSM code is started on the client machine, it gets the pwd from the registry, no one is prompted for the password. Every n days, the password expires, the server GENERATES a new password and sends it down to the client, gets encrypted into the registry, etc. So NOBODY needs to know the pwd. To do restores to another machine, or via the web gui, as David says, you can use your admin id and password. -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of David E Ehresman Sent: Friday, August 20, 2004 12:02 PM To: [EMAIL PROTECTED] Subject: Re: Passwords for client restores We use the Pasword Generate option so that if you can log onto the box with the appropriate privs to run dsmc or dsm, you can restore without supplying a password. If the restore is from another box, we used an appropriately prived admin id which eliminates the need to know the node password. David >>> [EMAIL PROTECTED] 8/20/2004 11:40:30 AM >>> Right now we have about 800 clients and to do a restore, the password is the same for all clients. How are others doing this. We don't want to be in the business of password generation/maintenance to change passwords all the time. We also don't want just anybody being able to do a restore on any box because the passwords are the same everywhere. We are probably going to get hammered by auditors before long about having the same password. Any suggestions would be appreciated. This email and any files transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended addressee, then you have received this email in error and any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please notify us immediately of your unintended receipt by reply and then delete this email and your reply. Tyson Foods, Inc. and its subsidiaries and affiliates will not be held liable to any person resulting from the unintended or unauthorized use of any information contained in this email or as a result of any additions or deletions of information originally contained in this email.
