Zoltan, 

As much as I hate PowerShell, it does have its uses.

One thing it can do is create an encrypted authorization token that can be used 
to authenticate.  That token can be applied when you run a command, so it 
allows the use of the restricted id without providing the password in clear.

Invoking dsmadmc from PowerShell is a whole other world of pain, but just 
starting dsm for your user may not be so difficult.

Note I have looked into this several times, but never actually implemented it. 
My use-case was to save my password for a dsmadmc invocation.  
https://blog.kloud.com.au/2016/04/21/using-saved-credentials-securely-in-powershell-scripts/ 
may be a good place to start.

Regards

Steve
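
The saved-credential approach Steve describes, sketched as an added example (not code from this thread or from the linked article). It assumes the default BA client install path and uses a placeholder account name; `Save-RestoreCredential` and `Start-RestoreClient` are hypothetical helper names.

```powershell
# Added example. Paths and the account name below are assumptions.
$CredFile = Join-Path $env:LOCALAPPDATA 'isp-restore.cred.xml'
$DsmExe   = 'C:\Program Files\Tivoli\TSM\baclient\dsm.exe'  # assumed default client path
$Account  = 'EXAMPLE\svc-backup'                             # placeholder account

function Save-RestoreCredential {
    # Run once, interactively, as the user who will later launch the client.
    # Export-Clixml protects the password with Windows DPAPI, so the file can
    # only be decrypted by this user on this machine.
    $cred = Get-Credential -UserName $Account -Message 'Password for the backup account'
    $cred | Export-Clixml -Path $CredFile

    # Drop inherited ACEs and leave only the current user on the file.
    # DPAPI is the real control; the ACL just limits who can copy the file.
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $me, 'FullControl', 'Allow')
    $acl  = Get-Acl -Path $CredFile
    $acl.SetAccessRuleProtection($true, $false)
    $acl.SetAccessRule($rule)
    Set-Acl -Path $CredFile -AclObject $acl
}

function Start-RestoreClient {
    if (-not (Test-Path $CredFile)) {
        throw "No saved credential at $CredFile; run Save-RestoreCredential first."
    }
    try {
        $cred = Import-Clixml -Path $CredFile -ErrorAction Stop
    } catch {
        # Typical when the file was created by another user or on another machine.
        throw "Credential file cannot be decrypted in this session: $($_.Exception.Message)"
    }
    # The target account must be able to read the working directory,
    # otherwise the launch fails before the client starts.
    Start-Process -FilePath $DsmExe -Credential $cred `
                  -WorkingDirectory (Split-Path $DsmExe)
}
```

This keeps the password out of scripts and off the command line, but any process running as the user who saved the file can still recover it (for example via `$cred.GetNetworkCredential().Password`), so the file should be created only in the profile of someone already entitled to use that account.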

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan 
Forray
Sent: Saturday, 11 August 2018 3:44 AM
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] Proxy/asnodename restore and strange Registry entries?

Thanks for the suggestion Steven.

After many machinations and struggling against the admin lockdowns, we were 
able to get it to work, but in a totally illegal way.

1.  We had to access the AD account/password that is used for backing up
*ALL* of the CIFS/DFS nodes.  We certainly cannot give this information out 
and audit/ISO certainly would not allow it.
2.  We had to add the account (#1) to the Backup Operators group on the desktop 
used for the ISP client restore process (very few people are allowed to do this 
and nobody has access to desktop/local administrator accounts).

As I mentioned, the backups we need to access via proxy are run via a special 
AD account (identified in the scheduler service). So looking for suggestions on 
how to do this a different way, if possible.

I do have a question about the proxy process.  To test this, I created a dummy 
ISP node so the desktop client can sign in to it to be able to use "Access 
another node".  My question is, since I set up the proxy target (node that has 
the data/backups) and proxy agent (dummy node) on the ISP server, do I still 
need to go to the target node and give the agent access?

On Mon, Aug 6, 2018 at 7:27 PM Harris, Steven <steven.har...@btfinancialgroup.com> wrote:

> Runas?
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf 
> Of Zoltan Forray
> Sent: Tuesday, 7 August 2018 5:57 AM
> To: ADSM-L@VM.MARIST.EDU
> Subject: Re: [ADSM-L] Proxy/asnodename restore and strange Registry 
> entries?
>
> I have another issue with the Proxy/asnodename process I hope someone 
> can direct me to the answer since I am still kinda lost in this Proxy process.
>
> To use the Proxy process, we had to install the standard Windows 
> GUI/client
> (8.1.0.2) on a desktop. I created a new node and use the proxy grant 
> process to give it agent authority over the other nodes we want to 
> restore from/for.  Also made the proxy authority the other way - just in case.
>
> Now, every time we try to restore a file, we get a "Permissions Denied"
> authority issue.  We think we know why but don't know how to get 
> around it.  In the current setup, the Windows services that perform 
> the backups and restores (via WebClient) use a specific AD account 
> that has the right authority.
>
> So how do you associate a specific AD account with a GUI 
> session/client so it has the proper rights to do restores?
>
> On Sat, Aug 4, 2018 at 7:50 AM Zoltan Forray <zfor...@vcu.edu> wrote:
>
> > I guess I should have mentioned that. Windows 10 Enterprise desktop 
> > is what I am using to access the proxy node of a Windows 2016 Server backup.
> >
> > Zoltan Forray
> > IBM Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator 
> > VMware Administrator Xymon Administrator VCU Computer Center 
> > zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and 
> > other reputable organizations will never use email to request that 
> > you reply with your password, social security number or confidential 
> > personal information. For more details visit 
> > https://phishing.vcu.edu
> >
> > On Fri, Aug 3, 2018, 9:36 AM Robert Talda <r...@cornell.edu> wrote:
> >
> >> Zoltan:
> >>  Willing to test here - which platform (Windows, Linux x86, etc) 
> >> are you running the client on?
> >>
> >> Robert Talda
> >> EZ-Backup Systems Engineer
> >> Cornell University
> >> +1 607-255-8280
> >> r...@cornell.edu
> >>
> >>
> >> > On Aug 2, 2018, at 10:35 AM, Zoltan Forray <zfor...@vcu.edu> wrote:
> >> >
> >> > We are working through trying to move to using Proxy/asnodename
> >> > processes to replace the html interface for our ISILON backups and are
> >> > seeing some strangeness in the 8.1.0.2 GUI
> >> >
> >> > When I bring up the GUI and the process to access another node,
> >> > when I expand the "File Level" section, 6 "Registry" appear?
> >> > Besides there being 6-of them, this makes no sense since the backups
> >> > are ISILON file level - not OS level.  There aren't any
> >> > systemstate/registry level.
> >> >
> >> > What gives?
> >> >
> >>
> >
>
> --
> *Zoltan Forray*
> Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon 
> Monitor Administrator VMware Administrator Virginia Commonwealth 
> University UCC/Office of Technology Services www.ucc.vcu.edu 
> zfor...@vcu.edu -
> 804-828-4807 Don't be a phishing victim - VCU and other reputable 
> organizations will never use email to request that you reply with your 
> password, social security number or confidential personal information. 
> For more details visit http://phishing.vcu.edu/
>
> This message and any attachment is confidential and may be privileged 
> or otherwise protected from disclosure. You should immediately delete 
> the message if you are not the intended recipient. If you have 
> received this email by mistake please delete it from your system; you 
> should not copy the message or disclose its content to anyone.
>
> This electronic communication may contain general financial product 
> advice but should not be relied upon or construed as a recommendation 
> of any financial product. The information has been prepared without 
> taking into account your objectives, financial situation or needs. You 
> should consider the Product Disclosure Statement relating to the 
> financial product and consult your financial adviser before making a 
> decision about whether to acquire, hold or dispose of a financial product.
>
> For further details on the financial product please go to 
> http://www.bt.com.au
>
> Past performance is not a reliable indicator of future performance.
>

