I am going to stick with UAC is the not the issue, if it were to insert your ID into millions of files as you describe then you could end up waiting hours for the it to complete, then it would have to remove your ID when you leave. What it is really doing is elevating you from User to Administrator and presenting the Yes/No prompt on a different desktop to prevent malware from elevating itself.
What you might try is using icacls to dump the security of a sample, then when you see the large backup occur again dump and compare. Do you also have AMD Admins? Andy Huebner -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[email protected]] On Behalf Of Dwight Cook Sent: Thursday, October 10, 2013 10:00 PM To: [email protected] Subject: Re: [ADSM-L] Win2008 with UAC and backing up files that really didn't change... kind'a What is happening when I click on "OK" when it prompts me if I want to give myself rights is, ~it~ is going into every file and folder and inserting my user id under the security tab of properties and explicitly giving me full control. Based on what our Intel Admins have told me, I made the assumption ~it~ was UAC because they told me it was UAC asking me if I want to continue with the operation (to simply view the folder) because I currently don't have explicit authority, I only have implied authority by my user id being an ~administrative~ id. There is another product within this environment, Zylab, which I'm clueless on but our local Intel Admins don't believe Zylab would be the cause. The situation is very easy to recreate... all I have to do is go out to a volume that I've never looked before (thus I won't have explicit permission to) and double click on it to open it... at that time ~something~ tells me I currently don't have rights do perform that operation and would I like to give myself rights (since my id is an administrative id I have the authority to do that) and I click "OK" and as I mentioned above, ~it~ goes in and inserts my user id explicitly on every file/folder thus "changing" it and tsm then backs it up next cycle. It is also the case that it behaves this way for any/all admins and in looking at the security tab I see a whole list of various admins explicitly listed. Could this be a configuration setting of UAC? (to make it put explicit permissions on the files) Dwight -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[email protected]] On Behalf Of Huebner, Andy Sent: Thursday, October 10, 2013 4:16 PM To: [email protected] Subject: Re: [ADSM-L] Win2008 with UAC and backing up files that really didn't change... kind'a I believe you have something else happening. If that option was changing the ACLs of millions of files you would be very aware of that happening. "administrative" rights are not unlike sudo in Unix, you are assuming the identity of a more powerful user. It is not uncommon for admins here to do what you describe without the results you describe. Andy Huebner -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[email protected]] On Behalf Of Dwight Cook Sent: Thursday, October 10, 2013 2:20 PM To: [email protected] Subject: [ADSM-L] Win2008 with UAC and backing up files that really didn't change... kind'a OK, so I have a file server with 6 volumes each of 2.5 TB's and each with 1-2.5M files on them. Under Win2008 there is this ~funk~ called UAC such that an "administrative" id has effective permissions to everything but not really any direct permission. That is, if I go into this server and under explorer I click on the top directory on one of the volumes it says "you don't have rights to view this, do you want to grant yourself rights?" and when I click "OK" windows goes out and gives my userid direct permissions to all subfolders and files. BUT. that is a change to the permissions of every directory and file and next incr backup, TSM backs up everything. yes, sometimes 2.5M files at 2.5 TB's just because some admin clicked "OK" on giving themselves permission to view things at the top folder level. Is anyone else seeing this? Dwight
