cancel
Showing results for 
Search instead for 
Did you mean: 

Permission for running bpimagelist and bpduplicate on Media server

AnthonyTsang
Level 4

Hi all, I have to create a backup menu for physical tape duplication from VTL. But the command for example, bpimagelist and bpduplicate need admin privilege to run if using UAC in windows 2008 R2. Any method to allow non-admin privilege to run those command. In my scenario, the user is the operator. Please help!

1 ACCEPTED SOLUTION

Accepted Solutions

sdo
Moderator
Moderator
Partner    VIP    Certified
There's a difference between having the rights to access and run executables, and running with administrative rights. It all depends whether the code inside the executables requires the admin rights. So, if my first suggestion of adding ACE entries does not confer admin rights to the running user name, then your only option is a request/worker script approach.

View solution in original post

7 REPLIES 7

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified
There is no workaround for these commands. Admin rights are needed. Why do you need someone to run duplication manually? Why not create SLPs to duplicate automatically?

sdo
Moderator
Moderator
Partner    VIP    Certified

Perhaps you could add ACE entries onto ACL on the required commands, allowing the executables to be executed to be a non-privileged username?

If this doesn't work, then...

...the solution might be to create a multi-stage multi-script process, whereby the user runs a script which requests work (by creating small files), which a worker script which is run by a scheduled task which runs as a privileged user which wakes up periodically to process the requests, does the work, and writes something (a log, flag, job done type file) which can be verified by other functions in the user script.

The killer question as to how you approach this is...

...What are the trigger/initiator circumstances of this whole process?  i.e. what is it that causes the operator to have some work to do?  i.e. what pieces of information are the starting point for the user?  Is it a client name, a date range, or a list of tape numbers?

sdo
Moderator
Moderator
Partner    VIP    Certified
There's a difference between having the rights to access and run executables, and running with administrative rights. It all depends whether the code inside the executables requires the admin rights. So, if my first suggestion of adding ACE entries does not confer admin rights to the running user name, then your only option is a request/worker script approach.

AnthonyTsang
Level 4

Hi Marianne,

 

Why do you need someone to run duplication manually? The menu script purpose was allowed operator to select Start of Date, End date and select which polices to duplicate to physical tape by monthly basis or add hoc request in non-peak hour.

Why not create SLPs to duplicate automatically? SLP duplication job must followed by Backup job.  If I want to duplicate monthly backup iamges  to physical tape that was a week after monthly end. I think it is difficult to do by SLP. If my understanding was incorrect, please correct me. thanks!

 

revarooo
Level 6
Employee
Use an SLP Window if you want duplications only to run on specific day/time

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

The menu script purpose was allowed operator to select Start of Date, End date and select which polices to duplicate to physical tape by monthly basis or add hoc request in non-peak hour.

SLP can do that. automatically.
SLP windows allow for non-peak hour scheduling.

.... If I want to duplicate monthly backup iamges  to physical tape that was a week after monthly end. I think it is difficult to do by SLP.

This is a very strange requirement. 
Why a week later?
What if the operator is not at work? Or if he forgets?
SLP has an option to duplicate before expiration. SLP will ensure that source backup will only expire once successfully duplicated.

 

AnthonyTsang
Level 4

 

.... If I want to duplicate monthly backup iamges  to physical tape that was a week after monthly end. I think it is difficult to do by SLP.

This is a very strange requirement. 
Why a week later?

What if the operator is not at work? Or if he forgets?

SLP has an option to duplicate before expiration. SLP will ensure that source backup will only expire once successfully duplicated.

 

Can SLP fullfill my requirement  ?

=> Week day the backup host server will perform daily backup, it would be free at weekend so that's why duplication job will be arranged on that coming weekend to perform. Besides that, we have requirement to perform duplication base on different retention and categories which seperated store on different tapes. So it is difficult for me to arrange. Use "Backup Menu" relatively easier to control.

 

Is it workable to set  ACL on command e.g( bpiamgelist and bpduplicate) for non-admin account to run ?