11-15-2011 08:23 AM
Hi, How can I use commands to disable client or policy encryption? bpinst only has options (policy_encrypt) for legacy encryption. How about standard encruption? Thank you in advance!
Solved! Go to Solution.
11-15-2011 12:15 PM
bpinst should only need to be used once, if at all, for install. Forget about bpinst.
Specifically, the command you're looking for (why not just use the checkbox in the GUI?) is:
# bpplinfo <policyname> -modify -encrypt [ 0 | 1 ]
where 1 = encryption: Yes, 0 = encryption: No
See pages 237,241:
http://www.symantec.com/docs/TECH52832
You can only modify a policy for this configuration - not a "client."
EDIT: Per your other thread...please make sure you're not trying to enable Encryption on a policy which is currently configured to collect BMR information. THOSE command line flags (-collect_bmr_info and -collect_tir_info) should both be set to 0 if you're trying to enable encryption.
11-15-2011 09:11 AM
bpplinfo -modify?
11-15-2011 12:15 PM
bpinst should only need to be used once, if at all, for install. Forget about bpinst.
Specifically, the command you're looking for (why not just use the checkbox in the GUI?) is:
# bpplinfo <policyname> -modify -encrypt [ 0 | 1 ]
where 1 = encryption: Yes, 0 = encryption: No
See pages 237,241:
http://www.symantec.com/docs/TECH52832
You can only modify a policy for this configuration - not a "client."
EDIT: Per your other thread...please make sure you're not trying to enable Encryption on a policy which is currently configured to collect BMR information. THOSE command line flags (-collect_bmr_info and -collect_tir_info) should both be set to 0 if you're trying to enable encryption.
11-16-2011 06:31 AM
Thank you for the info. It's working well.
nbserver# bppllist mypolicy -U | grep -i encrypt
Client Encrypt: yes
nbserver# bpplinfo mypolicy -modify -encrypt 0
nbserver# bppllist mypolicy -U | grep -i encrypt
Client Encrypt: no
However, if encryption is enabled on the client, I still have to use GUI to disable it, right?
I prefer CLI over GUI to do some of my jobs because it's handy. Another reason is that I use an Apple at home and can't use NetBackup GUI.
"please make sure you're not trying to enable Encryption on a policy which is currently configured to collect BMR information."
After I know encryption and BMR can't coexist, I won't force them to live together. If people don't know it, they would do it.
11-16-2011 10:59 AM
However, if encryption is enabled on the client, I still have to use GUI to disable it, right?
I'm not totally sure what you're asking, but you can change the CRYPT_OPTION parameter by manually editing the bp.conf file on your client. Is that what you're looking for?
11-21-2011 06:55 AM
I am trying to run a command from the master server to enable/disable client encruption. You have to logon to each client to modify bp.conf.
Thank you!