Blackberry Server (BES) installed on the Windows 2003 SBS domain controller?

Posted on 2007-10-17
Last Modified: 2008-03-11
I made the first visit to a new client today and discovered that a previous tech setup the BES software on the client's only server, the Windows 2003 SBS domain controller.  (It also runs the Exchange server.)  All of the Blackberry services and MAPI profile are running under the Administrator account!  I have three questions below.

I've read the white papers and am experienced in managing all of the software involved--when it is setup as the manufacturers recommend.  

Everything appears to be working correctly (I have not yet had time for a detailed survey of system health.)  The load on the server is very low: 4 users, two of which have blackberries.  So I am not worried about hardware resources in this situation.

1) Upon searching I have seen it mentioned in passing that BES can be installed on the SBS server (along with Exchange.)  Is this true, and if so are there foreseeable problems that may arise from this setup?

I have not investigated all of the security workarounds that had to be implemented to get BES to run under the Administrator account, but based on past experience I know some restrictions had to be lifted from the Administrators group to get BES to function.  (Running SBS SP1 and Exchange SP2.)

2) Since this BES install is running on the SBS server are there any special cases/reasons that would require BES to run under the Administrator account?

3) If not, I plan to create a "BESADMIN" account with the recommended permissions and run the BES server under that.  What steps will need to be taken to resecure the administrator account?
Question by:Adam Ray
    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    I've installed BES Express on SBS's without any problem whatsoever.

    Be sure to follow Gary's Guide to doing this though...

    LVL 5

    Author Comment

    by:Adam Ray
    Thanks for the quick response.  Unless I hear otherwise I'll take that to mean the two can run in harmony when configured properly.

    Does anyone what will likely have to be done to resecure the administrator account to it's default rights?
    LVL 74

    Accepted Solution

    Actually it's not that loose... if you read through Gary's how-to.. you'll see that all you add is "Log on Locally" and "log on as a service".  Those are already enabled on the built-in administrator account.

    Then the only other things are the Send as and receive as permissions on the mailbox... no big deal to leave those alone.

    LVL 5

    Author Comment

    by:Adam Ray
    With the release of the Blackberry Proffesional Software, this seems to be a moot point.  As BPS is pretty much functionally equivelent to BES (for the Small Business market) and certified to run on Exchange servers.

    Note: There are differences (mainly no MDS) between BPS and BES, so be sure to do your homework before "upgrading" your BES to BPS, but it seems to be a good idea since it uses less reasources.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
    In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now