RE: Backup a DC
_SP2_ ???

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, June 29, 2012 3:07 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

Schema admins are empty at all times unless schema changes are being made. Alarms go off if someone gets added :)

Funny, my ID was actually added in the lab today because we are testing Exch2010SP2 schema mods this afternoon.

From: Webster [mailto:webs...@carlwebster.com]
Sent: Friday, June 29, 2012 12:00 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

And Schema Admins also?

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

From: Free, Bob [mailto:r...@pge.com]
Subject: RE: Backup a DC

My policy- Wherever you are you should be able to count EA/DAs on the fingers of one hand

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Backup a DC
This begs the question: Who patches the DC's, the same team that does the rest of the servers?

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, June 29, 2012 7:54 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Then you can script it all and manage the resultant files with said scripts to comply with your security requirements, DR SLAs, offsite storage reqs etc.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 28, 2012 6:51 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Nope I sure don't mind the command line.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 27, 2012 2:25 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

Windows server backup is amazingly powerful, if you don't mind dropping to the command line.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 11:58 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS!

Dave

From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, June 27, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all documented and tested too, right? wink

Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes.

If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 8:17 AM
To: NT System Admin Issues
Subject: Backup a DC

How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

RE: Backup a DC
I would assume yes, unless policy states otherwise...

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Friday, June 29, 2012 12:55 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

This begs the question: Who patches the DC's, the same team that does the rest of the servers?

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, June 29, 2012 7:54 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Then you can script it all and manage the resultant files with said scripts to comply with your security requirements, DR SLAs, offsite storage reqs etc.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 28, 2012 6:51 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Nope I sure don't mind the command line.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 27, 2012 2:25 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

Windows server backup is amazingly powerful, if you don't mind dropping to the command line.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 11:58 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS!

Dave

From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, June 27, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all documented and tested too, right? wink

Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes.

If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 8:17 AM
To: NT System Admin Issues
Subject: Backup a DC

How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

RE: Backup a DC
Then they would have to be admins and policy definitely states otherwise :)

My policy- Wherever you are you should be able to count EA/DAs on the fingers of one hand

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, June 29, 2012 10:05 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

I would assume yes, unless policy states otherwise...

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Friday, June 29, 2012 12:55 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

This begs the question: Who patches the DC's, the same team that does the rest of the servers?

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, June 29, 2012 7:54 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Then you can script it all and manage the resultant files with said scripts to comply with your security requirements, DR SLAs, offsite storage reqs etc.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 28, 2012 6:51 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Nope I sure don't mind the command line.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 27, 2012 2:25 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

Windows server backup is amazingly powerful, if you don't mind dropping to the command line.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 11:58 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS!

Dave

From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, June 27, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all documented and tested too, right? wink

Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes.

If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 8:17 AM
To: NT System Admin Issues
Subject: Backup a DC

How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

RE: Backup a DC
Likewise,

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, June 29, 2012 1:42 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

Then they would have to be admins and policy definitely states otherwise :)

My policy- Wherever you are you should be able to count EA/DAs on the fingers of one hand

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, June 29, 2012 10:05 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

I would assume yes, unless policy states otherwise...

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Friday, June 29, 2012 12:55 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

This begs the question: Who patches the DC's, the same team that does the rest of the servers?

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, June 29, 2012 7:54 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Then you can script it all and manage the resultant files with said scripts to comply with your security requirements, DR SLAs, offsite storage reqs etc.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 28, 2012 6:51 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Nope I sure don't mind the command line.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 27, 2012 2:25 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

Windows server backup is amazingly powerful, if you don't mind dropping to the command line.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 11:58 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS!

Dave

From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, June 27, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all documented and tested too, right? wink

Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes.

If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 8:17 AM
To: NT System Admin Issues
Subject: Backup a DC

How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

RE: Backup a DC
And Schema Admins also?

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

From: Free, Bob [mailto:r...@pge.com]
Subject: RE: Backup a DC

My policy- Wherever you are you should be able to count EA/DAs on the fingers of one hand

RE: Backup a DC
Nope I sure don't mind the command line.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 27, 2012 2:25 PM
To: NT System Admin Issues
Subject: RE: Backup a DC

Windows server backup is amazingly powerful, if you don't mind dropping to the command line.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 11:58 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS!

Dave

From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, June 27, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all documented and tested too, right? wink

Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes.

If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 8:17 AM
To: NT System Admin Issues
Subject: Backup a DC

How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

RE: Backup a DC
Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS!

Dave

From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, June 27, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all documented and tested too, right? wink

Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes.

If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 8:17 AM
To: NT System Admin Issues
Subject: Backup a DC

How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

RE: Backup a DC
Windows server backup is amazingly powerful, if you don't mind dropping to the command line.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 11:58 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Cool I was thinking just the AD guys should be able to backup/restore, hadn't considered not using TSM for DC recovery options but I like that idea. I got the HelpDesk folks out of DA's years ago, this latest development lets me kick out the other SE's from being DA's which has been a point of contention for me for YEARS!

Dave

From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, June 27, 2012 8:31 AM
To: NT System Admin Issues
Subject: RE: Backup a DC

Only your fully qualified AD admins should have backup/restore rights on the DCs. Period. Double check the user rights assignment as well. You have your DR plan all documented and tested too, right? wink

Do you even need TSM? We don't use it because it doesn't fit in our DR plan and because of the attendant security holes.

If you have people in the other built-in *Operator groups, they should also be addressed. Hope you got the helpdesk folks out by now too

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 27, 2012 8:17 AM
To: NT System Admin Issues
Subject: Backup a DC

How do you guys handle permissions for backup and restore of a domain controller? I somehow got to be the AD lead on our newly formed Active Directory team, and one thing I get to do is pare back Domain Admin membership! Our Tivoli backup person is DA for the *sole* purpose of backup/restore of our DC's and I'm thinking that can be addressed.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
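
Bob Free's advice in the thread above to double check the user rights assignment on the DCs can be carried out against a security-policy export. The PowerShell below is an added example, not code from any poster; the sample export, the made-up account SID in it and the allowed-holder list (only BUILTIN\Administrators) are assumptions.

```powershell
# Added example (not from the thread): flag every holder of the backup and
# restore user rights in a security-policy export taken on a domain controller.
# Real input comes from:  secedit /export /cfg rights.inf /areas USER_RIGHTS

# Constructed sample export. The S-1-5-21-... SID is made up and stands in for
# a backup-software service account.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-549,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-549,*S-1-5-32-551
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-550
[Version]
signature="$CHICAGO$"
Revision=1
'@

# Well-known built-in group SIDs, so the report is readable offline.
$builtinGroups = @{
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-548' = 'BUILTIN\Account Operators'
    'S-1-5-32-549' = 'BUILTIN\Server Operators'
    'S-1-5-32-550' = 'BUILTIN\Print Operators'
    'S-1-5-32-551' = 'BUILTIN\Backup Operators'
}

function Get-BackupRightFinding {
    param(
        [Parameter(Mandatory)][string]$InfText,
        # Assumption: only BUILTIN\Administrators is expected to hold these rights.
        [string[]]$AllowedHolder = @('S-1-5-32-544'),
        [string[]]$Right = @('SeBackupPrivilege', 'SeRestorePrivilege')
    )

    $inPrivilegeRights = $false
    foreach ($rawLine in ($InfText -split "`r?`n")) {
        $line = $rawLine.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Section header: only [Privilege Rights] is of interest.
            $inPrivilegeRights = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inPrivilegeRights) { continue }
        if ($line -match '^(\w+)\s*=\s*(.*)$') {
            $name    = $Matches[1]
            $holders = $Matches[2]
            if ($Right -notcontains $name) { continue }
            foreach ($entry in ($holders -split ',')) {
                # secedit writes SIDs with a leading '*'; bare entries are account names.
                $holder = $entry.Trim().TrimStart('*')
                if (-not $holder -or $AllowedHolder -contains $holder) { continue }
                if ($builtinGroups.ContainsKey($holder)) {
                    $display = $builtinGroups[$holder]
                    $finding = 'Built-in group: review its membership'
                } else {
                    $display = $holder
                    $finding = 'Not on the allowed list'
                }
                [pscustomobject]@{
                    Right   = $name
                    Holder  = $display
                    Finding = $finding
                }
            }
        }
    }
}

# Report on the constructed sample: two built-in Operator groups per right,
# plus the made-up account that holds SeBackupPrivilege.
Get-BackupRightFinding -InfText $sampleInf | Format-Table -AutoSize
```

To check a real export, pass `(Get-Content rights.inf -Raw)` as `-InfText` and extend `-AllowedHolder` with the SID of the group that holds your AD admins.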