I would assume yes, unless policy states otherwise...
Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: David Lum [mailto:david....@nwea.org] Sent: Friday, June 29, 2012 12:55 PM To: NT System Admin Issues Subject: RE: Backup a DC This begs the question: Who patches the DC's, the same team that does the rest of the servers? From: Free, Bob [mailto:r...@pge.com] Sent: Friday, June 29, 2012 7:54 AM To: NT System Admin Issues Subject: RE: Backup a DC Then you can script it all and manage the resultant files with said scripts to comply with your security requirements, DR SLAs, offsite storage reqs etc. From: David Lum [mailto:david....@nwea.org] Sent: Thursday, June 28, 2012 6:51 AM To: NT System Admin Issues Subject: RE: Backup a DC Nope I sure don't mind the command line. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, June 27, 2012 2:25 PM To: NT System Admin Issues Subject: RE: Backup a DC Windows server backup is amazingly powerful, if you don't mind dropping to the command line. From: David Lum [mailto:david....@nwea.org] Sent: Wednesday, June 27, 2012 11:58 AM To: NT System Admin Issues Subject: RE: Backup a DC Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS! Dave From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, June 27, 2012 8:31 AM To: NT System Admin Issues Subject: RE: Backup a DC Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all document and tested too, right? <wink> Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes. If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too.... From: David Lum [mailto:david....@nwea.org] Sent: Wednesday, June 27, 2012 8:17 AM To: NT System Admin Issues Subject: Backup a DC How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back is Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed. David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin