03-06-2020 01:19 PM
Is there any way within a policy to specify the script to be run at a client and only run that script (i..e run no other scripts in trusted locations) ?
03-07-2020 12:23 AM
What seems to be the problem? Could you add more detail? You seem to be describing a problem which is site specific to your own scripts at your site.
03-08-2020 01:36 PM - edited 03-09-2020 02:13 AM
Not all questions are in relation to a problem :) I'm asking how to specify a script to run within a policy and only that script i.e. how does an agent/policy select scripts to run? Is it defined somewhere or is it simply the presence of a script in a folder at the agent ?
03-08-2020 11:46 PM
You may want to look at bpstart_notify script.
See Admin Guide II for basics: https://www.veritas.com/support/en_US/doc/24437881-126559615-0/v41507330-126559615
Some TNs:
https://www.veritas.com/support/en_US/article.100025004
https://www.veritas.com/support/en_US/article.100021852
https://www.veritas.com/support/en_US/article.100020836
Please note that it is bpbkar on the client that calls bpstart script.
This means that only regular filesystem policies such as MS-Windows or Standard policy types will call this script.
03-09-2020 02:14 AM
Thanks! I think our security teams might no like this pattern as what happens if a rouge admin drops a script into one of the tusted locations locally?
03-09-2020 02:47 AM - edited 03-09-2020 02:48 AM
You can never protect against activities from administrators, they have a trusted access.
If a admin can't be trusted, there is no other option that lay off that admin.
05-11-2020 03:25 PM
True, but are the scripts that are being run repoted on cntrally from the mgmt. server? SO if a rouge admin drops a script in locally, how would I know about it?
05-12-2020 03:08 AM
Your solution is to enable dual account logon within your domain, and to always have two admins eyeballing each others work at all times.