Ah, Good to know.
Thanks Andy for you help.
-Roger
Andrew Raibeck wrote:
Since Windows 2003 system state backup is an "all or nothing" affair,
unchecking "Back up the Registry" has no effect (that should actually come
out, since it applies only to NT 4.0, which is not supported by the 5.3
client).
If you encrypt all data, e.g.:
include.encrypt *
Then the system state (which includes registry) will be encrypted as well.
If you need more targeted encryption try this:
include.encrypt *:\adsm.sys\...\*
include.encrypt
*:\WINDOWS\Repair\Backup\BootableSystemState\Registry\...\*
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/[EMAIL PROTECTED]
Internet e-mail: [EMAIL PROTECTED]
IBM Tivoli Storage Manager support web page:
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
"ADSM: Dist Stor Manager" <ADSM-L@VM.MARIST.EDU> wrote on 10/10/2006
08:17:18 AM:
Thanks Andy,
From what I understand, you cannot encrypt the systemobjects which would
include the registry, is this the case and if so, is there a way around
this in order to secure that your registry is not sent across the wire
un-encrytpted when you are not using a VPN tunnel or encryption over the
wire?
Should I uncheck "backup the registry" in the GUI.
Thanks
On Tue, 10 Oct 2006, Andrew Raibeck wrote:
No, you cannot just export/import the registry key.
See the README file for the 5.3.4.x clients and look for the bullet
titled
"ENCRYPTKEY SAVE requirements". Also look up APAR IC48782.
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/[EMAIL PROTECTED]
Internet e-mail: [EMAIL PROTECTED]
IBM Tivoli Storage Manager support web page:
http://www.ibm.
com/software/sysmgmt/products/support/IBMTivoliStorageManager.html
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
"ADSM: Dist Stor Manager" <ADSM-L@VM.MARIST.EDU> wrote on 10/08/2006
08:44:35 PM:
Thank you for the info. I'll look into the MS regedit for
exporting/importing and see if the client wants to do this or if
they
will just keep the password phrase used somewhere and just use that
if
need be.
TSM_User wrote:
To your question you only need the value you typed to generate the
key the first time. You will be prompted to type it again and it
will then encrypt the key again and store it in the registry.
Entries in the registry can be exported and then imported on
another server. Exporting the keys from the registry using the MS's
regedit on one system and then importing them somewhere else may
work but I think Andy may need to chime in on that.
Roger Silva <[EMAIL PROTECTED]> wrote:
Hi,
My client has asked me if there is a way to export the EncryptKey
but
I
have not found any documention talking about this. The reason for
this
I assume would be in case of a system crash. I know the EncryptKey
is
kept on both the client side in the registry and I believe on the
server
side as well. If the system was to crash, do you still only need
the
Encryption Password to restore the data? Would this be just as if
you
did not use the "SAVE" option and instead you used the "PROMPT"
option?
Thanks again for your info.
Roger
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.
Great rates starting at 1ยข/min.
