Thanks for the suggestion Steven.

After many machinations and struggling against the admin lockdowns, we were
able to get it to work, but in a totally illegal way.

1.  We had to access the AD account/password that is used for backing up
*ALL* of the CIFS/DFS nodes.  We certainly cannot give this information
out and audit/ISO certainly would not allow it.
2.  We had to add the account (#1) to the Backup Operators group on the
desktop used for the ISP client restore process (very few people are
allowed to do this and nobody has access to desktop/local administrator
accounts)

As I mentioned, the backups we need to access via proxy are run via a
special AD account (identified in the scheduler service). So looking for
suggestions on how to do this a different way, if possible.

I do have a question about the proxy process.  To test this, I created a
dummy ISP node so the desktop client can sign-in to it to be able to use
"Access another node".  My question is, since I set up the proxy target
(node that has the data/backups) and proxy agent (dummy node), on the ISP
server, do I still need to go to the target node and give the agent access?

On Mon, Aug 6, 2018 at 7:27 PM Harris, Steven <
steven.har...@btfinancialgroup.com> wrote:

> Runas?
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
> Zoltan Forray
> Sent: Tuesday, 7 August 2018 5:57 AM
> To: ADSM-L@VM.MARIST.EDU
> Subject: Re: [ADSM-L] Proxy/asnodename restore and strange Registry
> entries?
>
> I have another issue with the Proxy/asnodename process I hope someone can
> direct me to the answer since I am still kinda lost in this Proxy process.
>
> To use the Proxy process, we had to install the standard Windows GUI/client
> (8.1.0.2) on a desktop. I created a new node and used the proxy grant
> process to give it agent authority over the other nodes we want to restore
> from/for.  Also made the proxy authority the other way - just in case.
>
> Now, every time we try to restore a file, we get a "Permissions Denied"
> authority issue.  We think we know why but don't know how to get around
> it.  In the current setup, the Windows services that perform the backups
> and restores (via WebClient) use a specific AD account that has the right
> authority.
>
> So how do you associate a specific AD account with a GUI session/client so
> it has the proper rights to do restores?
>
> On Sat, Aug 4, 2018 at 7:50 AM Zoltan Forray <zfor...@vcu.edu> wrote:
>
> > I guess I should have mentioned that. Windows 10 Enterprise desktop is
> > what I am using to access the proxy node of a Windows 2016 Server backup.
> >
> > Zoltan Forray
> > IBM Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator
> > VMware Administrator Xymon Administrator VCU Computer Center
> > zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and
> > other reputable organizations will never use email to request that you
> > reply with your password, social security number or confidential
> > personal information. For more details visit https://phishing.vcu.edu
> >
> > On Fri, Aug 3, 2018, 9:36 AM Robert Talda <r...@cornell.edu> wrote:
> >
> >> Zoltan:
> >>  Willing to test here - which platform (Windows, Linux x86, etc) are
> >> you running the client on?
> >>
> >> Robert Talda
> >> EZ-Backup Systems Engineer
> >> Cornell University
> >> +1 607-255-8280
> >> r...@cornell.edu
> >>
> >>
> >> > On Aug 2, 2018, at 10:35 AM, Zoltan Forray <zfor...@vcu.edu> wrote:
> >> >
> >> > We are working through trying to move to using Proxy/asnodename
> >> > processes to replace the html interface for our ISILON backups and
> >> > are seeing some strangeness in the 8.1.0.2 GUI
> >> >
> >> > When I bring up the GUI and the process to access another node,
> >> > when I expand the "File Level" section, 6 "Registry" appear?
> >> > Besides there being 6 of them, this makes no sense since the
> >> > backups are ISILON file level - not OS level.  There aren't any
> >> > systemstate/registry level.
> >> >
> >> > What gives?
> >> >
> >>
> >
>
> --
> *Zoltan Forray*
> Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon
> Monitor Administrator VMware Administrator Virginia Commonwealth University
> UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu -
> 804-828-4807
>


--
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator
Xymon Monitor Administrator
VMware Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
www.ucc.vcu.edu
zfor...@vcu.edu - 804-828-4807
