I made the first visit to a new client today and discovered that a previous tech setup the BES software on the client's only server, the Windows 2003 SBS domain controller. (It also runs the Exchange server.) All of the Blackberry services and MAPI profile are running under the Administrator account! I have three questions below.
I've read the white papers and am experienced in managing all of the software involved--when it is setup as the manufacturers recommend.
Everything appears to be working correctly (I have not yet had time for a detailed survey of system health.) The load on the server is very low: 4 users, two of which have blackberries. So I am not worried about hardware resources in this situation.
1) Upon searching I have seen it mentioned in passing that BES can be installed on the SBS server (along with Exchange.) Is this true, and if so are there foreseeable problems that may arise from this setup?
I have not investigated all of the security workarounds that had to be implemented to get BES to run under the Administrator account, but based on past experience I know some restrictions had to be lifted from the Administrators group to get BES to function. (Running SBS SP1 and Exchange SP2.)
2) Since this BES install is running on the SBS server are there any special cases/reasons that would require BES to run under the Administrator account?
3) If not, I plan to create a "BESADMIN" account with the recommended permissions and run the BES server under that. What steps will need to be taken to resecure the administrator account?