Solved

Blackberry Enterprise Server Send As Permissions changes after allowing.

Posted on 2006-10-19
Last Modified: 2012-06-21
Been on the phone extensively with Blackberry Tsupport and they have put it to Microsoft.  I am looking for guidance on an issue regarding Send As permissions in Active Directory.  I followed all the directions from Blackberry on setting up the Enterprise Server and also applied all of the Microsoft articles regarding send as permissions. Here is the issue.

When I go to the Security tab of the user to allow Send As permission to the BESAdmin account, it goes away after 10 minutes or so.  The BESAdmin account doesn't even show up in the Security section.  I have even removed them from every group to where they only were domain users as their only membership and it still reverts back to not keeping the BESAdmin with Send As rights.  I have referred to Microsoft's KB article 907434 and checked to see if the users were in any of the protected groups.  After I verified they were not, I didn't know what direction to take this.  I have worked for days applying MS KB article after KB article to no avail.

If anyone has encountered this issue and has a solution, it would be most appreciated.
Question by:jlaguda
8 Comments
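
A read-only check for the situation the question describes, added here as an example (it is not from any poster in this thread, BlackBerry, or Microsoft): for one user it reports the `adminCount` stamp, any protected groups reached through nesting, whether ACL inheritance is blocked, and whether the trustee currently holds a Send As entry. It assumes a host with the RSAT ActiveDirectory module; the function name `Get-SendAsStatus` and the `EXAMPLE\BESAdmin` trustee are placeholders.

```powershell
# Added example: read-only, changes nothing. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# rightsGuid of the Send-As extended right in the AD schema.
$SendAsGuid = [guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'

function Get-SendAsStatus {
    param(
        [Parameter(Mandatory)] [string] $User,     # sAMAccountName of the mailbox owner
        [Parameter(Mandatory)] [string] $Trustee   # e.g. 'EXAMPLE\BESAdmin' (placeholder)
    )
    $u  = Get-ADUser -Identity $User -Properties adminCount
    $dn = $u.DistinguishedName

    # Groups stamped adminCount=1 that contain the user directly or through nesting
    # (matching-rule-in-chain OID). Assumes the DN has no LDAP filter metacharacters.
    $protected = Get-ADGroup -LDAPFilter "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$dn))"

    # Security descriptor of the user object, read through the AD: drive.
    $acl  = Get-Acl -Path "AD:\$dn"
    $aces = @($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Trustee -and
        $_.ObjectType -eq $SendAsGuid -and
        ($_.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
    })
    $allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' })

    [pscustomobject]@{
        User               = $u.SamAccountName
        AdminCount         = $u.adminCount                   # 1 = stamped as protected
        ProtectedGroups    = ($protected.Name -join ', ')    # empty if none found
        InheritanceBlocked = $acl.AreAccessRulesProtected    # True = inherited ACEs not applied
        SendAsExplicit     = [bool]($allow | Where-Object { -not $_.IsInherited })
        SendAsInherited    = [bool]($allow | Where-Object { $_.IsInherited })
        SendAsDenied       = [bool]($aces  | Where-Object { $_.AccessControlType -eq 'Deny' })
    }
}

# Usage (placeholder names):
# Get-SendAsStatus -User 'jdoe' -Trustee 'EXAMPLE\BESAdmin'
```

Running it once right after granting the permission and again after the entry has disappeared shows which of these values changed in between.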
 
LVL 18

Expert Comment

by:Frankco
ID: 17770520
Hi jlaguda,

In this Microsoft knowledge base article, Microsoft states there is a problem with send as when using RIM products.

http://www.support.microsoft.com/kb/912918

Not sure if this is the case with the problem you are having but, perhaps.

cheers,
frankco
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17770538
Hi jlaguda,

Just what you wanted, another kb article.

"The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server"

http://www.support.microsoft.com/kb/907434/

cheers,
frankco
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17770561
Ah.. I see you looked at that one. Sorry.

cheers,
frankco
0

 
LVL 3

Expert Comment

by:techtommy
ID: 17842670
One solution would be to elevate the Besadmin account to Domain Admin.  This account has the rights by default.  Are you setting the permissions at each account level or at the mail server level?
0
 

Author Comment

by:jlaguda
ID: 17852246
Everyone seems to be pointing to the same articles that I have already researched, but thanks for the contributions.  I had a consultant come in and he was also confused as to why the rules reverted even when the hotfixes from Microsoft were applied.  The last thing we wanted to do was raise the BES Administrator account to Domain Admins for the same reason it defaults to remove the account.  I am not trying to circumvent the security Microsoft is trying to keep in place, but we did do a workaround that allowed the privileges.

To answer techtommy's reply, we changed permissions at both the account level and at the mail server level, per instructions from Blackberry and Microsoft.  

As for the fix, it was a blend of what techtommy suggested.  We contemplated, or at least I did, giving the BES account Domain Admins rights, but after looking and doing the research why this wasn't done in the first place, I held off.  What our consultant did was not give it Domain Admin rights in AD, but going to the main root of Exchange and giving the Send As rights to the BES Administrator account there.  That seemed to be the only way the rights would stick and also not give it elevated rights across the domain.  I may have missed a step, but I will correct it as soon as I get in touch with my consultant.  I am documenting the changes for my records in case it becomes an issue later and I have to undo it.

Thanks for all of your help, though.
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17852327
Thank you for posting the fix jlaguda!

cheers,
frankco
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18032877
PAQed with points refunded (500)

Computer101
EE Admin
0
