There is no way to copy anything from a Trusted system to a non-Trusted system. The two methods are quite different and the subdirectories in the /tcb structure contain much more than just passwords.
So your DR machine is not really a DR machine for the 10.01 system because they don't match in the most basic part: user authentication. The good news is that you can change the 10.20 system to Trusted in less than a minute using SAM. Look at the accounting task. When you go to accounting, it will ask if you want to convert.
Now your 10.20 system is Trusted. NOTE: the untrusted passwords are all 8 characters or less, but unfortunately users can type more than 8 with the system silently ignoring characters 9 and beyond. But once the system is Trusted, the extra charcaters are no longer ignored. So it's possible some users may fail to login--just tell them to use only the first 8.
10.20 has been obsolete since 2001 and 10.01 obsolete for a lot longer. I would be quite concerned about having production code running on 10.01 and would also be concerned about using 10.20 for DR. Trusted systems were introduced at 10.01 so there is a small possibility that the /tcb directory contents may have some compatibility issues. You would be safer to clone your 10.01 system using Ignite/UX. That will avoid patch and version issues.
If your application runs on 10.20, I would strongly recommend creating a fully patched 10.20 system and porting your apps to that system. Then after testing, make 10.20 production and work on porting to 11.11. There are just too many security and other patch issues with 10.01 and 10.20.
Bill Hassell, sysadmin
