Veritas Backup Exec 9.1 - BEWARE!! - Veritas Backup Exec

This is a discussion on Veritas Backup Exec 9.1 - BEWARE!! - Veritas Backup Exec ; I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade BE to version 9.1 because of the compatibility issues and that this version is compatible with W2K3. What I found out during the installation that they ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: Veritas Backup Exec 9.1 - BEWARE!!

  1. Veritas Backup Exec 9.1 - BEWARE!!

    I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade
    BE to version 9.1 because of the compatibility issues and that this version
    is compatible with W2K3. What I found out during the installation that
    they are using drivers that HAVE NOT passed the Windows logo certification.
    I prompted stopped the installation. I can't believe that Veritas is doing
    this, don't they have a clue that these are servers and the importance of
    drivers that have been certified by Microsoft? I have always recommend their
    product to my clients but I have changed my mind, I am considering removing
    it from my server. Can anyone make any recommendations on backup software? I
    guess I can use NTBackup but I like the idea of backing up individual
    mailboxes in Exchange and the scheduling is easier.
    Look at what the Veritas readme file says, can you believe that they are
    instructing you to apply a group policy to your network to allow unsigned
    drivers and let them install silently, UNBELIEVABLE!!
    Beware,

    Rick in the Midwest

    Read below: (from the readme file)
    After installing Backup Exec on a computer running Windows Server 2003, a
    message displays during driver installation that indicates the drivers about
    to be installed have not gone through the Microsoft Windows Hardware Quality
    Labs (WHQL) program. The VERITAS drivers go through a similar qualification
    process. VERITAS recommends that you install the VERITAS drivers. Use the
    following steps to make the necessary policy setting change.

    a.. Incorporate the driver installation into Setup by using the
    DriverSigningPolicy=ignore setting. (See related articles.)

    b.. Implement a driver signing policy in a Windows 2000, Windows XP, or
    Windows Server 2003 Domain by using Group Policy:

    1.. Under Administrator Tools, in the Active Directory Users and
    Computers snap-in, right-click the domain root, click Properties, and then
    click the Group Policy tab.

    2.. Click the default domain policy, and then click Edit.

    3.. Expand Computer Configuration, expand Windows Settings, and then
    expand Security Settings. Expand Local Policies, expand Security Options,
    and then modify Device: Unsigned driver installation Behavior to the setting
    that you want to use. Select "silently succeed".

    Note: This policy is a domain-wide policy.

    Note: To set the policy on the local computer where no Domain policy is
    applied, click Start, point to Settings, click Control Panel, and then
    double-click System. On the Hardware tab, click Driver Signing..., and then
    select a verification setting.

    Note: Windows XP queries for the policy and ensures that it matches the
    entry that is stored for it in an alternate location. However, if the
    operating system determines that the Driver Signing Policy registry key has
    been tampered with, the operating system automatically resets to the correct
    values (or the default value, which is Warn and Ignore for non-driver
    signing policy).

    Note: For silent installations, the /td: option to install VERITAS tape
    device drivers will be ignored unless your driver signing policy is set for
    Ignore.




  2. Re: Veritas Backup Exec 9.1 - BEWARE!!

    Actually I didn't discovery anything. This is already in their readme file
    and Veritas is aware that they are not using signed drivers. I just wanted
    the public to be aware of the issues and think twice before they upgrade as
    I was in disbelief when I was upgrading. I am glad that Veritas is
    addressing this issue with a hotfix/servicepack. I will just wait to upgrade
    until their product is certified.

    Rick

    "Sethu Mohan" wrote in message
    news:3fd03871@ROSASTDMZ05....
    >
    > Hi Rick,
    >
    > Thanking you for sharing this critical & vital information.
    > I appreciate your critical discovery and congratulate you for the same.
    > I would like to share that BEWS 9.1 is still under the evaluation. And

    though
    > its just a week of its release, a Hot fix is already available for

    download.
    > So this too can be fixed wih a service pack immediatley.
    >
    > The following URL gives a list of enhancements from BEWS 9.0
    > http://seer.support.veritas.com/docs/258104.htm
    >
    > I encourage you to furnish this valiable discovery with proof
    > at http://enhancement.veritas.com, its the Veritas Product Enhancement

    Portal.
    >
    > All the Best an Good Job done
    >
    > With Regards
    >
    > Sethu Mohan
    >
    > "Rick" wrote:
    > >I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade
    > >BE to version 9.1 because of the compatibility issues and that this

    version
    > >is compatible with W2K3. What I found out during the installation that
    > >they are using drivers that HAVE NOT passed the Windows logo

    certification.
    > >I prompted stopped the installation. I can't believe that Veritas is

    doing
    > >this, don't they have a clue that these are servers and the importance of
    > >drivers that have been certified by Microsoft? I have always recommend

    their
    > >product to my clients but I have changed my mind, I am considering

    removing
    > >it from my server. Can anyone make any recommendations on backup

    software?
    > I
    > >guess I can use NTBackup but I like the idea of backing up individual
    > >mailboxes in Exchange and the scheduling is easier.
    > >Look at what the Veritas readme file says, can you believe that they are
    > >instructing you to apply a group policy to your network to allow unsigned
    > >drivers and let them install silently, UNBELIEVABLE!!
    > >Beware,
    > >
    > >Rick in the Midwest
    > >
    > >Read below: (from the readme file)
    > >After installing Backup Exec on a computer running Windows Server 2003,

    > a
    > >message displays during driver installation that indicates the drivers

    about
    > >to be installed have not gone through the Microsoft Windows Hardware

    Quality
    > >Labs (WHQL) program. The VERITAS drivers go through a similar

    qualification
    > >process. VERITAS recommends that you install the VERITAS drivers. Use the
    > >following steps to make the necessary policy setting change.
    > >
    > > a.. Incorporate the driver installation into Setup by using the
    > >DriverSigningPolicy=ignore setting. (See related articles.)
    > >
    > > b.. Implement a driver signing policy in a Windows 2000, Windows XP, or
    > >Windows Server 2003 Domain by using Group Policy:
    > >
    > > 1.. Under Administrator Tools, in the Active Directory Users and
    > >Computers snap-in, right-click the domain root, click Properties, and

    then
    > >click the Group Policy tab.
    > >
    > > 2.. Click the default domain policy, and then click Edit.
    > >
    > > 3.. Expand Computer Configuration, expand Windows Settings, and then
    > >expand Security Settings. Expand Local Policies, expand Security Options,
    > >and then modify Device: Unsigned driver installation Behavior to the

    setting
    > >that you want to use. Select "silently succeed".
    > >
    > > Note: This policy is a domain-wide policy.
    > >
    > > Note: To set the policy on the local computer where no Domain policy is
    > >applied, click Start, point to Settings, click Control Panel, and then
    > >double-click System. On the Hardware tab, click Driver Signing..., and

    then
    > >select a verification setting.
    > >
    > > Note: Windows XP queries for the policy and ensures that it matches the
    > >entry that is stored for it in an alternate location. However, if the
    > >operating system determines that the Driver Signing Policy registry key

    > has
    > >been tampered with, the operating system automatically resets to the

    correct
    > >values (or the default value, which is Warn and Ignore for non-driver
    > >signing policy).
    > >
    > > Note: For silent installations, the /td: option to install VERITAS tape
    > >device drivers will be ignored unless your driver signing policy is set

    > for
    > >Ignore.
    > >
    > >
    > >

    >




  3. Re: Veritas Backup Exec 9.1 - BEWARE!!


    Hi Rick,

    Thanking you for sharing this critical & vital information.
    I appreciate your critical discovery and congratulate you for the same.
    I would like to share that BEWS 9.1 is still under the evaluation. And though
    its just a week of its release, a Hot fix is already available for download.
    So this too can be fixed wih a service pack immediatley.

    The following URL gives a list of enhancements from BEWS 9.0
    http://seer.support.veritas.com/docs/258104.htm

    I encourage you to furnish this valiable discovery with proof
    at http://enhancement.veritas.com, its the Veritas Product Enhancement Portal.

    All the Best an Good Job done

    With Regards

    Sethu Mohan

    "Rick" wrote:
    >I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade
    >BE to version 9.1 because of the compatibility issues and that this version
    >is compatible with W2K3. What I found out during the installation that
    >they are using drivers that HAVE NOT passed the Windows logo certification.
    >I prompted stopped the installation. I can't believe that Veritas is doing
    >this, don't they have a clue that these are servers and the importance of
    >drivers that have been certified by Microsoft? I have always recommend their
    >product to my clients but I have changed my mind, I am considering removing
    >it from my server. Can anyone make any recommendations on backup software?

    I
    >guess I can use NTBackup but I like the idea of backing up individual
    >mailboxes in Exchange and the scheduling is easier.
    >Look at what the Veritas readme file says, can you believe that they are
    >instructing you to apply a group policy to your network to allow unsigned
    >drivers and let them install silently, UNBELIEVABLE!!
    >Beware,
    >
    >Rick in the Midwest
    >
    >Read below: (from the readme file)
    >After installing Backup Exec on a computer running Windows Server 2003,

    a
    >message displays during driver installation that indicates the drivers about
    >to be installed have not gone through the Microsoft Windows Hardware Quality
    >Labs (WHQL) program. The VERITAS drivers go through a similar qualification
    >process. VERITAS recommends that you install the VERITAS drivers. Use the
    >following steps to make the necessary policy setting change.
    >
    > a.. Incorporate the driver installation into Setup by using the
    >DriverSigningPolicy=ignore setting. (See related articles.)
    >
    > b.. Implement a driver signing policy in a Windows 2000, Windows XP, or
    >Windows Server 2003 Domain by using Group Policy:
    >
    > 1.. Under Administrator Tools, in the Active Directory Users and
    >Computers snap-in, right-click the domain root, click Properties, and then
    >click the Group Policy tab.
    >
    > 2.. Click the default domain policy, and then click Edit.
    >
    > 3.. Expand Computer Configuration, expand Windows Settings, and then
    >expand Security Settings. Expand Local Policies, expand Security Options,
    >and then modify Device: Unsigned driver installation Behavior to the setting
    >that you want to use. Select "silently succeed".
    >
    > Note: This policy is a domain-wide policy.
    >
    > Note: To set the policy on the local computer where no Domain policy is
    >applied, click Start, point to Settings, click Control Panel, and then
    >double-click System. On the Hardware tab, click Driver Signing..., and then
    >select a verification setting.
    >
    > Note: Windows XP queries for the policy and ensures that it matches the
    >entry that is stored for it in an alternate location. However, if the
    >operating system determines that the Driver Signing Policy registry key

    has
    >been tampered with, the operating system automatically resets to the correct
    >values (or the default value, which is Warn and Ignore for non-driver
    >signing policy).
    >
    > Note: For silent installations, the /td: option to install VERITAS tape
    >device drivers will be ignored unless your driver signing policy is set

    for
    >Ignore.
    >
    >
    >



  4. Re: Veritas Backup Exec 9.1 - BEWARE!!

    Rick wrote:
    > I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade
    > BE to version 9.1 because of the compatibility issues and that this version
    > is compatible with W2K3. What I found out during the installation that
    > they are using drivers that HAVE NOT passed the Windows logo certification.
    > I prompted stopped the installation. I can't believe that Veritas is doing
    > this, don't they have a clue that these are servers and the importance of
    > drivers that have been certified by Microsoft? I have always recommend their
    > product to my clients but I have changed my mind, I am considering removing
    > it from my server. Can anyone make any recommendations on backup software? I
    > guess I can use NTBackup but I like the idea of backing up individual
    > mailboxes in Exchange and the scheduling is easier.
    > Look at what the Veritas readme file says, can you believe that they are
    > instructing you to apply a group policy to your network to allow unsigned
    > drivers and let them install silently, UNBELIEVABLE!!
    > Beware,
    >
    > Rick in the Midwest
    >
    > Read below: (from the readme file)
    > After installing Backup Exec on a computer running Windows Server 2003, a
    > message displays during driver installation that indicates the drivers about
    > to be installed have not gone through the Microsoft Windows Hardware Quality
    > Labs (WHQL) program. The VERITAS drivers go through a similar qualification
    > process. VERITAS recommends that you install the VERITAS drivers. Use the
    > following steps to make the necessary policy setting change.
    >
    > a.. Incorporate the driver installation into Setup by using the
    > DriverSigningPolicy=ignore setting. (See related articles.)
    >
    > b.. Implement a driver signing policy in a Windows 2000, Windows XP, or
    > Windows Server 2003 Domain by using Group Policy:
    >
    > 1.. Under Administrator Tools, in the Active Directory Users and
    > Computers snap-in, right-click the domain root, click Properties, and then
    > click the Group Policy tab.
    >
    > 2.. Click the default domain policy, and then click Edit.
    >
    > 3.. Expand Computer Configuration, expand Windows Settings, and then
    > expand Security Settings. Expand Local Policies, expand Security Options,
    > and then modify Device: Unsigned driver installation Behavior to the setting
    > that you want to use. Select "silently succeed".
    >
    > Note: This policy is a domain-wide policy.
    >
    > Note: To set the policy on the local computer where no Domain policy is
    > applied, click Start, point to Settings, click Control Panel, and then
    > double-click System. On the Hardware tab, click Driver Signing..., and then
    > select a verification setting.
    >
    > Note: Windows XP queries for the policy and ensures that it matches the
    > entry that is stored for it in an alternate location. However, if the
    > operating system determines that the Driver Signing Policy registry key has
    > been tampered with, the operating system automatically resets to the correct
    > values (or the default value, which is Warn and Ignore for non-driver
    > signing policy).
    >
    > Note: For silent installations, the /td: option to install VERITAS tape
    > device drivers will be ignored unless your driver signing policy is set for
    > Ignore.
    >
    >
    >


    You really need to ratchet down a notch on your reaction. Windows
    Driver Signing guarantees nothing. I've seen plenty of crashes related
    to "signed" drivers. It may be nice that you can say hey all my stuff
    is signed, but just because it's not doesn't mean there is anything
    wrong with it. I've never had crashes related to my nvidia video
    drivers and half the time their versions aren't signed, and that is a
    critical component. They documented it in it's file and I understand
    that you may want to make people aware of it before they upgrade, but to
    say you are going to basically look at dumping their product line over
    this is an extreme over-reaction. I've had lots of REAL issues with
    their Netware versions that have now and then made that thought cross my
    mind, but this really doesn't rate on that level.

    You do make a very valid point however about the domain wide group
    policy. That however is up to the administrator if he wants to do that
    or not. I've considered it because when you push down an printer via
    NDPS to an XP box, you always get the driver signing warning even though
    the driver is properly signed. NDPS strips it off.

    Getting back to the point now that I drifted, I really think you place
    way to much emphasis on driver signing. It's not all it's cracked up to be.

    Patrick



  5. Re: Veritas Backup Exec 9.1 - BEWARE!!

    Rick wrote:

    > I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade
    > BE to version 9.1 because of the compatibility issues and that this version
    > is compatible with W2K3. What I found out during the installation that
    > they are using drivers that HAVE NOT passed the Windows logo certification.
    > I prompted stopped the installation. I can't believe that Veritas is doing
    > this, don't they have a clue that these are servers and the importance of
    > drivers that have been certified by Microsoft? I have always recommend their
    > product to my clients but I have changed my mind, I am considering removing
    > it from my server. Can anyone make any recommendations on backup software? I
    > guess I can use NTBackup but I like the idea of backing up individual
    > mailboxes in Exchange and the scheduling is easier.
    > Look at what the Veritas readme file says, can you believe that they are
    > instructing you to apply a group policy to your network to allow unsigned
    > drivers and let them install silently, UNBELIEVABLE!!
    > Beware,
    >
    > Rick in the Midwest
    >
    > Read below: (from the readme file)
    > After installing Backup Exec on a computer running Windows Server 2003, a
    > message displays during driver installation that indicates the drivers about
    > to be installed have not gone through the Microsoft Windows Hardware Quality
    > Labs (WHQL) program. The VERITAS drivers go through a similar qualification
    > process. VERITAS recommends that you install the VERITAS drivers. Use the
    > following steps to make the necessary policy setting change.
    >
    > a.. Incorporate the driver installation into Setup by using the
    > DriverSigningPolicy=ignore setting. (See related articles.)
    >
    > b.. Implement a driver signing policy in a Windows 2000, Windows XP, or
    > Windows Server 2003 Domain by using Group Policy:
    >
    > 1.. Under Administrator Tools, in the Active Directory Users and
    > Computers snap-in, right-click the domain root, click Properties, and then
    > click the Group Policy tab.
    >
    > 2.. Click the default domain policy, and then click Edit.
    >
    > 3.. Expand Computer Configuration, expand Windows Settings, and then
    > expand Security Settings. Expand Local Policies, expand Security Options,
    > and then modify Device: Unsigned driver installation Behavior to the setting
    > that you want to use. Select "silently succeed".
    >
    > Note: This policy is a domain-wide policy.
    >
    > Note: To set the policy on the local computer where no Domain policy is
    > applied, click Start, point to Settings, click Control Panel, and then
    > double-click System. On the Hardware tab, click Driver Signing..., and then
    > select a verification setting.
    >
    > Note: Windows XP queries for the policy and ensures that it matches the
    > entry that is stored for it in an alternate location. However, if the
    > operating system determines that the Driver Signing Policy registry key has
    > been tampered with, the operating system automatically resets to the correct
    > values (or the default value, which is Warn and Ignore for non-driver
    > signing policy).
    >
    > Note: For silent installations, the /td: option to install VERITAS tape
    > device drivers will be ignored unless your driver signing policy is set for
    > Ignore.
    >
    >
    >

    By the way, it's worth noting that Microsoft patches and Service packs
    are signed, and they break all sorts of things.


  6. Re: Veritas Backup Exec 9.1 - BEWARE!!

    I agree that driver-signing is not a big deal, and I also agree that
    requiring users to set a domain-wide policy over it is tacky.

    GaryK

    "Patrick Farrell" wrote in message
    news:3fd3a00c@ROSASTDMZ05....
    > Rick wrote:
    > > I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade
    > > BE to version 9.1 because of the compatibility issues and that this

    version
    > > is compatible with W2K3. What I found out during the installation that
    > > they are using drivers that HAVE NOT passed the Windows logo

    certification.
    > > I prompted stopped the installation. I can't believe that Veritas is

    doing
    > > this, don't they have a clue that these are servers and the importance

    of
    > > drivers that have been certified by Microsoft? I have always recommend

    their
    > > product to my clients but I have changed my mind, I am considering

    removing
    > > it from my server. Can anyone make any recommendations on backup

    software? I
    > > guess I can use NTBackup but I like the idea of backing up individual
    > > mailboxes in Exchange and the scheduling is easier.
    > > Look at what the Veritas readme file says, can you believe that they are
    > > instructing you to apply a group policy to your network to allow

    unsigned
    > > drivers and let them install silently, UNBELIEVABLE!!
    > > Beware,
    > >
    > > Rick in the Midwest
    > >
    > > Read below: (from the readme file)
    > > After installing Backup Exec on a computer running Windows Server 2003,

    a
    > > message displays during driver installation that indicates the drivers

    about
    > > to be installed have not gone through the Microsoft Windows Hardware

    Quality
    > > Labs (WHQL) program. The VERITAS drivers go through a similar

    qualification
    > > process. VERITAS recommends that you install the VERITAS drivers. Use

    the
    > > following steps to make the necessary policy setting change.
    > >
    > > a.. Incorporate the driver installation into Setup by using the
    > > DriverSigningPolicy=ignore setting. (See related articles.)
    > >
    > > b.. Implement a driver signing policy in a Windows 2000, Windows XP,

    or
    > > Windows Server 2003 Domain by using Group Policy:
    > >
    > > 1.. Under Administrator Tools, in the Active Directory Users and
    > > Computers snap-in, right-click the domain root, click Properties, and

    then
    > > click the Group Policy tab.
    > >
    > > 2.. Click the default domain policy, and then click Edit.
    > >
    > > 3.. Expand Computer Configuration, expand Windows Settings, and then
    > > expand Security Settings. Expand Local Policies, expand Security

    Options,
    > > and then modify Device: Unsigned driver installation Behavior to the

    setting
    > > that you want to use. Select "silently succeed".
    > >
    > > Note: This policy is a domain-wide policy.
    > >
    > > Note: To set the policy on the local computer where no Domain policy

    is
    > > applied, click Start, point to Settings, click Control Panel, and then
    > > double-click System. On the Hardware tab, click Driver Signing..., and

    then
    > > select a verification setting.
    > >
    > > Note: Windows XP queries for the policy and ensures that it matches

    the
    > > entry that is stored for it in an alternate location. However, if the
    > > operating system determines that the Driver Signing Policy registry key

    has
    > > been tampered with, the operating system automatically resets to the

    correct
    > > values (or the default value, which is Warn and Ignore for non-driver
    > > signing policy).
    > >
    > > Note: For silent installations, the /td: option to install VERITAS

    tape
    > > device drivers will be ignored unless your driver signing policy is set

    for
    > > Ignore.
    > >
    > >
    > >

    >
    > You really need to ratchet down a notch on your reaction. Windows
    > Driver Signing guarantees nothing. I've seen plenty of crashes related
    > to "signed" drivers. It may be nice that you can say hey all my stuff
    > is signed, but just because it's not doesn't mean there is anything
    > wrong with it. I've never had crashes related to my nvidia video
    > drivers and half the time their versions aren't signed, and that is a
    > critical component. They documented it in it's file and I understand
    > that you may want to make people aware of it before they upgrade, but to
    > say you are going to basically look at dumping their product line over
    > this is an extreme over-reaction. I've had lots of REAL issues with
    > their Netware versions that have now and then made that thought cross my
    > mind, but this really doesn't rate on that level.
    >
    > You do make a very valid point however about the domain wide group
    > policy. That however is up to the administrator if he wants to do that
    > or not. I've considered it because when you push down an printer via
    > NDPS to an XP box, you always get the driver signing warning even though
    > the driver is properly signed. NDPS strips it off.
    >
    > Getting back to the point now that I drifted, I really think you place
    > way to much emphasis on driver signing. It's not all it's cracked up to

    be.
    >
    > Patrick
    >
    >




  7. Re: Veritas Backup Exec 9.1 - BEWARE!!

    Sethu,

    I don't see the hotfix to which you refer. What's the number please?

    GaryK

    "Sethu Mohan" wrote in message
    news:3fd03871@ROSASTDMZ05....
    >
    > Hi Rick,
    >
    > Thanking you for sharing this critical & vital information.
    > I appreciate your critical discovery and congratulate you for the same.
    > I would like to share that BEWS 9.1 is still under the evaluation. And

    though
    > its just a week of its release, a Hot fix is already available for

    download.
    > So this too can be fixed wih a service pack immediatley.
    >
    > The following URL gives a list of enhancements from BEWS 9.0
    > http://seer.support.veritas.com/docs/258104.htm
    >
    > I encourage you to furnish this valiable discovery with proof
    > at http://enhancement.veritas.com, its the Veritas Product Enhancement

    Portal.
    >
    > All the Best an Good Job done
    >
    > With Regards
    >
    > Sethu Mohan
    >
    > "Rick" wrote:
    > >I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade
    > >BE to version 9.1 because of the compatibility issues and that this

    version
    > >is compatible with W2K3. What I found out during the installation that
    > >they are using drivers that HAVE NOT passed the Windows logo

    certification.
    > >I prompted stopped the installation. I can't believe that Veritas is

    doing
    > >this, don't they have a clue that these are servers and the importance of
    > >drivers that have been certified by Microsoft? I have always recommend

    their
    > >product to my clients but I have changed my mind, I am considering

    removing
    > >it from my server. Can anyone make any recommendations on backup

    software?
    > I
    > >guess I can use NTBackup but I like the idea of backing up individual
    > >mailboxes in Exchange and the scheduling is easier.
    > >Look at what the Veritas readme file says, can you believe that they are
    > >instructing you to apply a group policy to your network to allow unsigned
    > >drivers and let them install silently, UNBELIEVABLE!!
    > >Beware,
    > >
    > >Rick in the Midwest
    > >
    > >Read below: (from the readme file)
    > >After installing Backup Exec on a computer running Windows Server 2003,

    > a
    > >message displays during driver installation that indicates the drivers

    about
    > >to be installed have not gone through the Microsoft Windows Hardware

    Quality
    > >Labs (WHQL) program. The VERITAS drivers go through a similar

    qualification
    > >process. VERITAS recommends that you install the VERITAS drivers. Use the
    > >following steps to make the necessary policy setting change.
    > >
    > > a.. Incorporate the driver installation into Setup by using the
    > >DriverSigningPolicy=ignore setting. (See related articles.)
    > >
    > > b.. Implement a driver signing policy in a Windows 2000, Windows XP, or
    > >Windows Server 2003 Domain by using Group Policy:
    > >
    > > 1.. Under Administrator Tools, in the Active Directory Users and
    > >Computers snap-in, right-click the domain root, click Properties, and

    then
    > >click the Group Policy tab.
    > >
    > > 2.. Click the default domain policy, and then click Edit.
    > >
    > > 3.. Expand Computer Configuration, expand Windows Settings, and then
    > >expand Security Settings. Expand Local Policies, expand Security Options,
    > >and then modify Device: Unsigned driver installation Behavior to the

    setting
    > >that you want to use. Select "silently succeed".
    > >
    > > Note: This policy is a domain-wide policy.
    > >
    > > Note: To set the policy on the local computer where no Domain policy is
    > >applied, click Start, point to Settings, click Control Panel, and then
    > >double-click System. On the Hardware tab, click Driver Signing..., and

    then
    > >select a verification setting.
    > >
    > > Note: Windows XP queries for the policy and ensures that it matches the
    > >entry that is stored for it in an alternate location. However, if the
    > >operating system determines that the Driver Signing Policy registry key

    > has
    > >been tampered with, the operating system automatically resets to the

    correct
    > >values (or the default value, which is Warn and Ignore for non-driver
    > >signing policy).
    > >
    > > Note: For silent installations, the /td: option to install VERITAS tape
    > >device drivers will be ignored unless your driver signing policy is set

    > for
    > >Ignore.
    > >
    > >
    > >

    >




  8. Re: Veritas Backup Exec 9.1 - BEWARE!!







    Well, the drivers may not have been signed but the 9.1 version is MS Logo
    Certified. Even MS does not require the drivers to be signed for Logo Cert.
    They would have to pay MS for re-signing the driver everytime the driver
    was updated for all tape devices. Not much value. Besides, if you dont like
    VRTS drivers, use the MS ones. BE doesnt care.

    Both 9.0 and 9.1 passed on W2K and W2K3.

    http://cert.veritest.com/CfWreports/...arch&pr=0&pc=1







    "Gary Karasik" wrote:
    >I agree that driver-signing is not a big deal, and I also agree that
    >requiring users to set a domain-wide policy over it is tacky.
    >
    >GaryK
    >
    >"Patrick Farrell" wrote in message
    >news:3fd3a00c@ROSASTDMZ05....
    >> Rick wrote:
    >> > I just upgraded my W2K that has Backup Exec v9.0. I attempted to upgrade
    >> > BE to version 9.1 because of the compatibility issues and that this

    >version
    >> > is compatible with W2K3. What I found out during the installation that
    >> > they are using drivers that HAVE NOT passed the Windows logo

    >certification.
    >> > I prompted stopped the installation. I can't believe that Veritas is

    >doing
    >> > this, don't they have a clue that these are servers and the importance

    >of
    >> > drivers that have been certified by Microsoft? I have always recommend

    >their
    >> > product to my clients but I have changed my mind, I am considering

    >removing
    >> > it from my server. Can anyone make any recommendations on backup

    >software? I
    >> > guess I can use NTBackup but I like the idea of backing up individual
    >> > mailboxes in Exchange and the scheduling is easier.
    >> > Look at what the Veritas readme file says, can you believe that they

    are
    >> > instructing you to apply a group policy to your network to allow

    >unsigned
    >> > drivers and let them install silently, UNBELIEVABLE!!
    >> > Beware,
    >> >
    >> > Rick in the Midwest
    >> >
    >> > Read below: (from the readme file)
    >> > After installing Backup Exec on a computer running Windows Server 2003,

    >a
    >> > message displays during driver installation that indicates the drivers

    >about
    >> > to be installed have not gone through the Microsoft Windows Hardware

    >Quality
    >> > Labs (WHQL) program. The VERITAS drivers go through a similar

    >qualification
    >> > process. VERITAS recommends that you install the VERITAS drivers. Use

    >the
    >> > following steps to make the necessary policy setting change.
    >> >
    >> > a.. Incorporate the driver installation into Setup by using the
    >> > DriverSigningPolicy=ignore setting. (See related articles.)
    >> >
    >> > b.. Implement a driver signing policy in a Windows 2000, Windows XP,

    >or
    >> > Windows Server 2003 Domain by using Group Policy:
    >> >
    >> > 1.. Under Administrator Tools, in the Active Directory Users and
    >> > Computers snap-in, right-click the domain root, click Properties, and

    >then
    >> > click the Group Policy tab.
    >> >
    >> > 2.. Click the default domain policy, and then click Edit.
    >> >
    >> > 3.. Expand Computer Configuration, expand Windows Settings, and

    then
    >> > expand Security Settings. Expand Local Policies, expand Security

    >Options,
    >> > and then modify Device: Unsigned driver installation Behavior to the

    >setting
    >> > that you want to use. Select "silently succeed".
    >> >
    >> > Note: This policy is a domain-wide policy.
    >> >
    >> > Note: To set the policy on the local computer where no Domain policy

    >is
    >> > applied, click Start, point to Settings, click Control Panel, and then
    >> > double-click System. On the Hardware tab, click Driver Signing..., and

    >then
    >> > select a verification setting.
    >> >
    >> > Note: Windows XP queries for the policy and ensures that it matches

    >the
    >> > entry that is stored for it in an alternate location. However, if the
    >> > operating system determines that the Driver Signing Policy registry

    key
    >has
    >> > been tampered with, the operating system automatically resets to the

    >correct
    >> > values (or the default value, which is Warn and Ignore for non-driver
    >> > signing policy).
    >> >
    >> > Note: For silent installations, the /td: option to install VERITAS

    >tape
    >> > device drivers will be ignored unless your driver signing policy is

    set
    >for
    >> > Ignore.
    >> >
    >> >
    >> >

    >>
    >> You really need to ratchet down a notch on your reaction. Windows
    >> Driver Signing guarantees nothing. I've seen plenty of crashes related
    >> to "signed" drivers. It may be nice that you can say hey all my stuff
    >> is signed, but just because it's not doesn't mean there is anything
    >> wrong with it. I've never had crashes related to my nvidia video
    >> drivers and half the time their versions aren't signed, and that is a
    >> critical component. They documented it in it's file and I understand
    >> that you may want to make people aware of it before they upgrade, but

    to
    >> say you are going to basically look at dumping their product line over
    >> this is an extreme over-reaction. I've had lots of REAL issues with
    >> their Netware versions that have now and then made that thought cross

    my
    >> mind, but this really doesn't rate on that level.
    >>
    >> You do make a very valid point however about the domain wide group
    >> policy. That however is up to the administrator if he wants to do that
    >> or not. I've considered it because when you push down an printer via
    >> NDPS to an XP box, you always get the driver signing warning even though
    >> the driver is properly signed. NDPS strips it off.
    >>
    >> Getting back to the point now that I drifted, I really think you place
    >> way to much emphasis on driver signing. It's not all it's cracked up

    to
    >be.
    >>
    >> Patrick
    >>
    >>

    >
    >



+ Reply to Thread