Re: [ADSM-L] Side Effects of Removing Admins
2010-07-08 09:57:54
The side effect of removing admins is that any administrative schedule last
touched by them will not be run if their account is removed. Run the command "q
sched type=admin f=d" and look at the "Last updated by (administrator)" field.
Make sure that the last admin to touch it is not the ones you are going to
remove. You can change that to a different admin by just updating the schedule
(making no changes) with another user.
For this reason, we make sure that we create/update administrative
schedules with a generic administrative account.
Oh, you might also want to look at any scripts that run against your server to
make sure that the admin accounts you are deleting are not in them.
Ben
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Nick Laflamme
Sent: Thursday, July 08, 2010 6:10 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Side Effects of Removing Admins
My current shop has a collective memory of "bad things happening" when old
Admin userids are removed from TSM servers. Memories are a bit vague, and all
of us have been doing TSM for a long time in a variety of shops, but the
general anxiety is that removing the userids of admins who have moved on might
break administrative schedules, copy groups, or some other key feature of TSM.
Now, of course, we have auditors breathing down our necks that we need to clean
up and secure our servers. I can't say that I blame them, but there is this
pesky collective memory to deal with. I looked in both the TSM 5.5
administrative Guide and the Reference but didn't find any warnings about side
effects of removing administrators.
So, my question to the collective wisdom of the group is,
Does anyone else remember bad side effects of removing admins in TSM, and if
so, is there a corresponding clear memory of when this was fixed in ADSM/TSM,
or is it still an issue?
(For my first pass, I have used the CHG_ADMIN column in several tables to find
out who last updated several kinds of key system resources. If an admin isn't
listed in any of those tables on a server, I've gone ahead and removed him or
her.)
Thanks,
Nick
mg_info.txt
Description: Text document
|
|
|