cancel
Showing results for 
Search instead for 
Did you mean: 

Specify Script to Be Run at Client

shocko
Level 4

Is there any way within a policy to specify the script to be run at a client and only run that script (i..e run no other scripts in trusted locations) ?

7 REPLIES 7

sdo
Moderator
Moderator
Partner    VIP    Certified

What seems to be the problem?  Could you add more detail?  You seem to be describing a problem which is site specific to your own scripts at your site.

Not all questions are in relation to a problem :) I'm asking how to specify a script to run within a policy and only that script i.e. how does an agent/policy select scripts to run? Is it defined somewhere or is it simply the presence of a script in a folder at the agent ?

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

@shocko 

You may want to look at bpstart_notify script.

See Admin Guide II for basics: https://www.veritas.com/support/en_US/doc/24437881-126559615-0/v41507330-126559615

Some TNs: 

https://www.veritas.com/support/en_US/article.100025004

https://www.veritas.com/support/en_US/article.100021852

https://www.veritas.com/support/en_US/article.100020836

Please note that it is bpbkar on the client that calls bpstart script. 
This means that only regular filesystem policies such as MS-Windows or Standard policy types will call this script. 

Thanks! I think our security teams might no like this pattern as what happens if a rouge admin drops a script into one of the tusted locations locally?

Nicolai
Moderator
Moderator
Partner    VIP   

You can never protect against activities from administrators, they have a trusted access.

If a admin can't be trusted, there is no other option that lay off that admin.

 

True, but are the scripts that are being run repoted on cntrally from the mgmt. server? SO if a rouge admin drops a script in locally, how would I know about it?

sdo
Moderator
Moderator
Partner    VIP    Certified

Your solution is to enable dual account logon within your domain, and to always have two admins eyeballing each others work at all times.