ADSM-L

Security

2001-01-02 17:08:49
Subject: Security
From: Joel Cooper <jocooper AT DELOITTE DOT COM>
Date: Tue, 2 Jan 2001 16:09:25 -0600
Has anyone had to deal with a rollout to desktops and the security issues?

We're about to roll out TSM backups to a few hundred users, and inevitably we will be
faced with our Security group. The clients will be mixed 95, 98, NT Workstation,
and Windows 2000.

We planned on forcing users to reset their password after installation, expiring
the password regularly, and requiring a certain length of passwords, and locking
out a user after 3 bad attempts. The 3 bad attempts should be seldom since we
are encrypting the password in the registries.

Other than that, I can't think of anything to do. We are experimenting with
removing DSMCUTIL.EXE from NT/2000 stations because of the fact it can query the
password from the registry of another NT/2000 (IF the person has permissions to
establish a connection and read the registry)... and the fact the syntax to try
the

The biggest concern is that one client could attach to the TSM server as another
client, assuming they knew the node name and password. With us shielding the
password the best we can, it seems it would take a lot from any machine except the
original. It wouldn't be hard for a TSM administrator, but a troublemaker would
have a harder time.

I just want to be ready when they arrive.

Thanks in advance for your advice,

Joel Cooper
Deloitte & Touche LLP
jocooper AT deloitte DOT com