ADSM-L

Re: [ADSM-L] Side Effects of Removing Admins

2010-07-08 09:57:54
Subject: Re: [ADSM-L] Side Effects of Removing Admins
From: Ben Bullock <BBullock AT BCIDAHO DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 8 Jul 2010 07:58:14 -0600
The side effect of removing admins is that any administrative schedule last
touched by them will not be run if their account is removed. Run the command
"q sched type=admin f=d" and look at the "Last updated by (administrator)"
field. Make sure that the last admin to touch it is not one of the ones you
are going to remove. You can change that to a different admin by just updating
the schedule (making no changes) with another user.

For this reason, we make sure that we create/update administrative schedules
with a generic administrative account.

Oh, you might also want to look at any scripts that run against your server to 
make sure that the admin accounts you are deleting are not in them.

Ben


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Nick Laflamme
Sent: Thursday, July 08, 2010 6:10 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Side Effects of Removing Admins

My current shop has a collective memory of "bad things happening" when old 
Admin userids are removed from TSM servers. Memories are a bit vague, and all 
of us have been doing TSM for a long time in a variety of shops, but the 
general anxiety is that removing the userids of admins who have moved on might 
break administrative schedules, copy groups, or some other key feature of TSM. 

Now, of course, we have auditors breathing down our necks that we need to clean 
up and secure our servers. I can't say that I blame them, but there is this 
pesky collective memory to deal with. I looked in both the TSM 5.5 
administrative Guide and the Reference but didn't find any warnings about side 
effects of removing administrators. 

So, my question to the collective wisdom of the group is,

Does anyone else remember bad side effects of removing admins in TSM, and if 
so, is there a corresponding clear memory of when this was fixed in ADSM/TSM, 
or is it still an issue? 

(For my first pass, I have used the CHG_ADMIN column in several tables to find 
out who last updated several kinds of key system resources. If an admin isn't 
listed in any of those tables on a server, I've gone ahead and removed him or 
her.)

Thanks,
Nick
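
The check described in Ben's reply, as an added example that is not part of the original thread: it reads saved output of "q sched type=admin f=d" and lists the administrative schedules whose last updater is on the removal list. The sample text, admin names, schedule names and exact field labels are constructed assumptions, and values wrapped across lines are not handled.

```python
import re

# Constructed sample; real labels and layout may differ by server version.
SAMPLE = """\
            Schedule Name: DAILY_DBBACKUP
                  Command: backup db devclass=ltoclass type=full
Last Update by (administrator): JSMITH

            Schedule Name: EXPIRE_INV
                  Command: expire inventory
Last Update by (administrator): TSMADMIN

            Schedule Name: MIGRATE_DISK
                  Command: migrate stgpool diskpool lo=0
Last Update by (administrator): jsmith
"""

NAME_RE = re.compile(r"^\s*Schedule Name\s*:\s*(\S+)", re.I)
# Accepts both "Last Update by" and "Last updated by" spellings.
OWNER_RE = re.compile(r"^\s*Last Updated? by \(administrator\)\s*:\s*(\S*)", re.I)

def schedules_by_last_updater(text):
    """Map each schedule name to the admin who last updated it (upper-cased)."""
    owners, current = {}, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group(1)
            owners[current] = ""  # unknown until the owner line is seen
            continue
        m = OWNER_RE.match(line)
        if m and current is not None:
            owners[current] = m.group(1).upper()
    return owners

def blocked_removals(text, admins_to_remove):
    """Return {admin: [schedules]} for admins that still own a schedule."""
    doomed = {a.upper() for a in admins_to_remove}
    blocked = {}
    for sched, owner in schedules_by_last_updater(text).items():
        if owner in doomed:
            blocked.setdefault(owner, []).append(sched)
    return blocked

if __name__ == "__main__":
    for admin, scheds in blocked_removals(SAMPLE, ["jsmith", "olduser"]).items():
        print(f"{admin}: re-update before removal -> {', '.join(scheds)}")
```

An admin that appears in the result should have each listed schedule updated by the generic administrative account before the ID is removed.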
