Solved

Blackberry Enterprise Server Send As Permissions changes after allowing.

Posted on 2006-10-19
8
710 Views
Last Modified: 2012-06-21
Been on the phone extensively with Blackberry Tsupport and they have put it to Microsoft.  I am looking for guidance on an issue regarding Send As permissions in Active Directory.  I followed all the directions from Blackberry on setting up the Enterprise Server and also applied all of the Microsoft articles regarding send as permissions. Here is the issue.

When I go to the Security tab of the user to allow Send As permission to the BESAdmin account, it goes away after 10 minutes or so.  The BESAdmin account doesn't even show up in the Security section.  I have even removed them from every group to where they only were domain users as their only membership and it still reverts back to not keeping the BESAdmin with Send As rights.  I have referred to Microsoft's KB article 907434 and checked to see if the users were in any of the protected groups.  After I verified they were not, I didn't know what direction to take this.  I have worked for days applying MS KB article after KB article to no avail.

If anyone has encountered this issue and has a solution, it would be most appreciated.
0
Comment
Question by:jlaguda
8 Comments
 
LVL 18

Expert Comment

by:Frankco
ID: 17770520
Hi jlaguda,

In this Microsoft knowledge base article, Microsoft states there is a problem with send as when using RIM products.

http://www.support.microsoft.com/kb/912918

Not sure if this is the case with the problem you are having but, perhaps.

cheers,
frankco
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17770538
Hi jlaguada,

Just what you wanted, another kb article.

"The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server"

http://www.support.microsoft.com/kb/907434/

cheers,
frankco
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17770561
Ah.. I see you looked at that one. Sorry.

cheers,
frankco
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 3

Expert Comment

by:techtommy
ID: 17842670
One solution would be to elevate the Besadmin account to Domain Admin.  This account has the rights by default.  Are you setting the permissions at each account level or at the mail server level?
0
 

Author Comment

by:jlaguda
ID: 17852246
Everyone seems to be pointing to the same articles that I have already researched, but thanks for the contributions.  I had a consultant come in and he was also confused as to why the rules reverted even when the hotfixes from Microsoft were applied.  The last thing we wanted to do was raise the BES Administrator account to Domain Admins for the same reason it defaults to remove the account.  I am not trying to circumvent the security Microsoft is trying to keep in place, but we did do a workaround that allowed the privledges.  

To answer techtommy's reply, we changed permissions at both the account level and at the mail server level, per instructions from Blackberry and Microsoft.  

As for the fix, it was a blend of what techtommy suggested.  We contemplated, or at least I did, giving the BES account Domain Admins rights, but after looking and doing the research why this wasn't done in the first place, i held off.  What our consultant did was not give it Domain Admin rights in AD, but going to the main root of Exchange and giving the Send As rights to the BES Administrator account there.  That seemed to be the only way the rights would stick and also not give it elevated rights across the domain.  I may have missed a step, but I will correct it as soon as I get in touch with my consultant.  I am documenting the changes for my records in case it become an issue later and I have to undo it.

Thanks for all of your help, though.
0
 
LVL 18

Expert Comment

by:Frankco
ID: 17852327
Thank you for posting the fix jlaguda!

cheers,
frankco
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18032877
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
A list of useful business intelligence software.
Video by: Tony
This video teaches viewers how to export a project from Adobe Premiere Pro and the various file types involved.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now