Solved

Blackberry Enterprise Server Send As Permissions changes after allowing.

Posted on 2006-10-19
8
725 Views
Last Modified: 2012-06-21
Been on the phone extensively with Blackberry Tsupport and they have put it to Microsoft.  I am looking for guidance on an issue regarding Send As permissions in Active Directory.  I followed all the directions from Blackberry on setting up the Enterprise Server and also applied all of the Microsoft articles regarding send as permissions. Here is the issue.

When I go to the Security tab of the user to allow Send As permission to the BESAdmin account, it goes away after 10 minutes or so.  The BESAdmin account doesn't even show up in the Security section.  I have even removed them from every group to where they only were domain users as their only membership and it still reverts back to not keeping the BESAdmin with Send As rights.  I have referred to Microsoft's KB article 907434 and checked to see if the users were in any of the protected groups.  After I verified they were not, I didn't know what direction to take this.  I have worked for days applying MS KB article after KB article to no avail.

If anyone has encountered this issue and has a solution, it would be most appreciated.
0
Comment
Question by:jlaguda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 18

Expert Comment

by:Frankco
ID: 17770520
Hi jlaguda,

In this Microsoft knowledge base article, Microsoft states there is a problem with send as when using RIM products.

http://www.support.microsoft.com/kb/912918

Not sure if this is the case with the problem you are having but, perhaps.

cheers,
frankco
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17770538
Hi jlaguada,

Just what you wanted, another kb article.

"The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server"

http://www.support.microsoft.com/kb/907434/

cheers,
frankco
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17770561
Ah.. I see you looked at that one. Sorry.

cheers,
frankco
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 3

Expert Comment

by:techtommy
ID: 17842670
One solution would be to elevate the Besadmin account to Domain Admin.  This account has the rights by default.  Are you setting the permissions at each account level or at the mail server level?
0
 

Author Comment

by:jlaguda
ID: 17852246
Everyone seems to be pointing to the same articles that I have already researched, but thanks for the contributions.  I had a consultant come in and he was also confused as to why the rules reverted even when the hotfixes from Microsoft were applied.  The last thing we wanted to do was raise the BES Administrator account to Domain Admins for the same reason it defaults to remove the account.  I am not trying to circumvent the security Microsoft is trying to keep in place, but we did do a workaround that allowed the privledges.  

To answer techtommy's reply, we changed permissions at both the account level and at the mail server level, per instructions from Blackberry and Microsoft.  

As for the fix, it was a blend of what techtommy suggested.  We contemplated, or at least I did, giving the BES account Domain Admins rights, but after looking and doing the research why this wasn't done in the first place, i held off.  What our consultant did was not give it Domain Admin rights in AD, but going to the main root of Exchange and giving the Send As rights to the BES Administrator account there.  That seemed to be the only way the rights would stick and also not give it elevated rights across the domain.  I may have missed a step, but I will correct it as soon as I get in touch with my consultant.  I am documenting the changes for my records in case it become an issue later and I have to undo it.

Thanks for all of your help, though.
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17852327
Thank you for posting the fix jlaguda!

cheers,
frankco
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18032877
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Skype is a P2P (Peer to Peer) instant messaging and VOIP (Voice over IP) service – as well as a whole lot more.
Invest in your employees with these five simple steps to improve employee engagement and retention.
XMind Plus helps organize all details/aspects of any project from large to small in an orderly and concise manner. If you are working on a complex project, use this micro tutorial to show you how to make a basic flow chart. The software is free when…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question