?
Solved

Blackberry Enterprise Server Send As Permissions changes after allowing.

Posted on 2006-10-19
8
Medium Priority
?
726 Views
Last Modified: 2012-06-21
Been on the phone extensively with Blackberry Tsupport and they have put it to Microsoft.  I am looking for guidance on an issue regarding Send As permissions in Active Directory.  I followed all the directions from Blackberry on setting up the Enterprise Server and also applied all of the Microsoft articles regarding send as permissions. Here is the issue.

When I go to the Security tab of the user to allow Send As permission to the BESAdmin account, it goes away after 10 minutes or so.  The BESAdmin account doesn't even show up in the Security section.  I have even removed them from every group to where they only were domain users as their only membership and it still reverts back to not keeping the BESAdmin with Send As rights.  I have referred to Microsoft's KB article 907434 and checked to see if the users were in any of the protected groups.  After I verified they were not, I didn't know what direction to take this.  I have worked for days applying MS KB article after KB article to no avail.

If anyone has encountered this issue and has a solution, it would be most appreciated.
0
Comment
Question by:jlaguda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 18

Expert Comment

by:Frankco
ID: 17770520
Hi jlaguda,

In this Microsoft knowledge base article, Microsoft states there is a problem with send as when using RIM products.

http://www.support.microsoft.com/kb/912918

Not sure if this is the case with the problem you are having but, perhaps.

cheers,
frankco
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17770538
Hi jlaguada,

Just what you wanted, another kb article.

"The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server"

http://www.support.microsoft.com/kb/907434/

cheers,
frankco
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17770561
Ah.. I see you looked at that one. Sorry.

cheers,
frankco
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 
LVL 3

Expert Comment

by:techtommy
ID: 17842670
One solution would be to elevate the Besadmin account to Domain Admin.  This account has the rights by default.  Are you setting the permissions at each account level or at the mail server level?
0
 

Author Comment

by:jlaguda
ID: 17852246
Everyone seems to be pointing to the same articles that I have already researched, but thanks for the contributions.  I had a consultant come in and he was also confused as to why the rules reverted even when the hotfixes from Microsoft were applied.  The last thing we wanted to do was raise the BES Administrator account to Domain Admins for the same reason it defaults to remove the account.  I am not trying to circumvent the security Microsoft is trying to keep in place, but we did do a workaround that allowed the privledges.  

To answer techtommy's reply, we changed permissions at both the account level and at the mail server level, per instructions from Blackberry and Microsoft.  

As for the fix, it was a blend of what techtommy suggested.  We contemplated, or at least I did, giving the BES account Domain Admins rights, but after looking and doing the research why this wasn't done in the first place, i held off.  What our consultant did was not give it Domain Admin rights in AD, but going to the main root of Exchange and giving the Send As rights to the BES Administrator account there.  That seemed to be the only way the rights would stick and also not give it elevated rights across the domain.  I may have missed a step, but I will correct it as soon as I get in touch with my consultant.  I am documenting the changes for my records in case it become an issue later and I have to undo it.

Thanks for all of your help, though.
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17852327
Thank you for posting the fix jlaguda!

cheers,
frankco
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18032877
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

All of the resources available today make learning a new digital media easier than ever-- if you know where to begin. This is a clear, simple guide to a few of the basic digital art mediums and how to begin learning them on your own.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
An overview on how to enroll an hourly employee into the employee database and how to give them access into the clock in terminal.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question