Hinweis 14
Message ANS5174E or ANS1449E on Windows NT, Windows 2000, or Windows 2003 TSM client
Problem
-------
During TSM backup, the process fails with the ANS5174E or ANS1449E message indicating
that the user lacks a required NT permission.
Cause
-----
Generally, the user is attempting to run the incremental or selective command and
processing is halted because one of the NT permissions (rights) is lacking.
Solution
--------
Users running backups on NT/2000/2003 require three rights:
- Back up files and directories
- Restore files and directories
- Manage auditing and security logs
The third right is required to access NTFS System Access Control list (SACL)
security descriptors.
The SACL is essentially auditing information and every NTFS object has one,
so the client must interrogate it during backup to determine if it needs
to be backed up.
By default the "Backup Operator" group does not have the third right, so persons
who must back up the node must be given that right. To assign this right,
the Windows Administrator must:
1. Click on "Administrative Tools" in the Control Panel
2. Select "Local Security Policy"
3. Open the "Local Policies" folder
4. Click on "User Rights Assignment"
5. Select "Manage auditing and security logs"
6. Add the person or group to receive this right.
Users without these rights can only back up files they own and cannot
back up the system registry or files owned by other users. These are
local user rights and must be set using the local User Manager
application, and domain accounts may not automatically be enabled for
them. Domain accounts may be granted local rights by the local User
Manager.
The account must also have the following permission to the
HKEY_LOCAL_MACHINE, HKEY_KEY_USERS, and HKEY_CURRENT_USER registry
hives:
Query Value
Set Value
Create Subkey
Enumerate Subkeys
The local system account and local administrator group have these
permission by default. Other accounts/groups (including domain
Administrators) must be granted these permission either explicitly
through the registry editor security dialog (regedt32), or implicitly by
adding the account/group to the local Administrators group through the
local User Manager (recommended).