Contents
Although TSM can only back up an entire machine's filestore when running under an administrative account, it can be run under a non-administrative account in one of two ways.
2. Under a normal user account (32-bit XP only)
Read & Execute, Read and Write rights on the TSM installation
folder (default
C:\Program Files\Tivoli\TSM\baclient\) so that errors can be logged in the
error log file dsmerror.log. Note that by default, users do not have the Write
permission set on this folder.
dsm.opt configuration file in the TSM installation folder:
SkipNTPermissions Yes
3. To run a TSM backup from an account belonging to the Backup Operators group (XP, 2003, Vista, 7, 2008, 2008R2, 8)
C:\Program Files\Tivoli\TSM\baclient\.[Administrative Tools] >
[Local Security Policy] > [Local Policies] > [User Rights Assignment]):
Back up files and directories Restore files and directories Manage auditing and security logsNote that by default, this group does not have the last of these rights (Manage auditing and security logs), and so it should explicitly be given this.
Note that as a consequence of running TSM as a non-administrative user, you will be prompted for the
TSM password irrespective of the setting of the PasswordAccess to
Generate in the configuration file.
This is because the account will not have rights to access the encrypted TSM password in the Registry.
The README notes from Tivoli on this subject are reproduced in the following document on access rights.