24 Jun 2010

Unrestricting users of RSAUTIL.CMD

I'm using rsautil manage-backups to perform scripted backups of our RSA AM 7.1 SP3 database in conjunction with the disabled password prompt that I posted yesterday. Although when initially trying to run it under a separate service account from that which I used to install the product, I received the following error.

Error: Cannot run as user 'serviceaccount'. 'rsautil' can only be run by 'myusername' user

I contacted support and received the following response, which was very simple to implement.

  • Use Windows Explorer to locate rsaenv.cmd in the ACEUTILS directory
  • Open   rsaenv.cmd  in WordPad (or other editor)
  • Locate the line set CLU_USER={username} where {username} is the user name of the user who installed the RSA Authentication Manager 7.1 software and comment out the line (this will preserve the user name)
  • Add this line after the commented out line in point 3 "set CLU_USER=%USERNAME%"
  • Save the change
Now any user who is a member of the local Windows Administrators group can use rsautils.cmd

Disable RSA AM 7.1 SP3 Backup Password Prompt

It looks like RSA have realised what a nightmare it is to backup their Authentication Manager product and have therefore eased the burden somewhat by allowing the disabling of the password prompt when ruinning a command line backup using "rasutil manage-backups".

to disable the prompting for the password when running a backup using rsautil manage-backups run the following as documented in the RSA PDFs.

rsautil manage-backups --action disable-pwd-prompt
Once entered, the RSA Master password is required to apply the change.