Solved

Send As permission revoked for some users

Posted on 2007-11-18
Last Modified: 2010-05-18
I'm new to the IT world. I am a project super and the IT part was handed over to me. My question is: how do I go about doing this, step by step, please?

To correct the "Send As" issue I have outlined the steps below:

1. Stop the BlackBerry Router service.

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

3. Run the following script:

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com" /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com" /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc=com,dc=au" /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=local" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:  http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

4. Wait 20 minutes and then restart the BlackBerry Router service.

5. Restart the BES server.
Question by:todd2112
11 Comments
 
LVL 1

Expert Comment

by:damelahn
ID: 20313507
Is your problem with users who are admins or non-admins?

0
 

Author Comment

by:todd2112
ID: 20313524
admins
0
 
LVL 1

Accepted Solution

by:
damelahn earned 500 total points
ID: 20313652
OK.  I added some more details.  


1. Stop the BlackBerry Router service.

(open Services on the server where BES is installed.)
(find BB Router and stop the service.)

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

(Open ADUC
Find desired user
Security tab
Advanced button
Sort by name
Look for BES with Send As permission.
If not there check the box that says "Allow inheritable permissions to propagate from parent"
Click APPLY.
BESadmin should now show up in the permission entries window.
Click OK. )

3. Run the following script:

(DSACLS is a command line tool.)
(open a command prompt on your domain controller and type the whole line of text.)
(be sure to insert your domain name and BES admin name in the right places.)

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com" /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com" /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc=com,dc=au" /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=local" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:  http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

(Dsacls.exe is included with the Windows Support Tools. To install the Support Tools, run Setup.exe from the Support\Tools folder on the Windows Server 2003 or Windows 2000 Server CD-ROM.)

4. Wait 20 minutes and then restart the BlackBerry Router service.

(Remove battery from BB device for at least 20 minutes.)
(open Services on the server where BES is installed.)
(find BB Router and start the service.)

5. Restart the BES server.

(After 20 minutes replace battery in BB device and reboot BES server.)

0
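To check the result of step 3, the following added example (not part of the original thread) lists every trustee that holds Send As on the AdminSDHolder object, whose ACL Active Directory copies onto protected administrative accounts. It assumes PowerShell 3.0 or later on a domain-joined machine; example.com and EXAMPLE\BESadmin are placeholders and the function names are hypothetical.

```powershell
# Added example: audit who holds "Send As" on AdminSDHolder.
# GUID of the Send-As extended right (controlAccessRight) in Active Directory.
$SendAsGuid = [Guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'

# Turn a DNS domain name into its distinguished name,
# e.g. 'blackberryforums.com.au' -> 'DC=blackberryforums,DC=com,DC=au'.
function ConvertTo-DomainDN {
    param([Parameter(Mandatory)][string]$DnsName)
    ($DnsName.Trim('.').Split('.') | ForEach-Object { "DC=$_" }) -join ','
}

function Get-AdminSDHolderSendAs {
    param(
        [Parameter(Mandatory)][string]$DnsName,
        [string[]]$Expected = @()   # trustees that are meant to hold the right
    )
    $dn    = 'CN=AdminSDHolder,CN=System,' + (ConvertTo-DomainDN $DnsName)
    $obj   = [ADSI]"LDAP://$dn"
    $rules = $obj.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])

    foreach ($r in $rules) {
        $isExtended = ($r.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -ne 0
        # An empty ObjectType GUID means "all extended rights", which includes Send As.
        $coversSendAs = ($r.ObjectType -eq $SendAsGuid) -or ($r.ObjectType -eq [Guid]::Empty)
        if ($isExtended -and $coversSendAs -and $r.AccessControlType -eq 'Allow') {
            [pscustomobject]@{
                Trustee   = $r.IdentityReference.Value
                Scope     = if ($r.ObjectType -eq [Guid]::Empty) { 'All extended rights' } else { 'Send As' }
                Inherited = $r.IsInherited
                Expected  = $Expected -contains $r.IdentityReference.Value
            }
        }
    }
}

# Placeholder domain and account: replace with your own values.
Get-AdminSDHolderSendAs -DnsName 'example.com' -Expected 'EXAMPLE\BESadmin' |
    Sort-Object Expected, Trustee | Format-Table -AutoSize
```

Rows with Expected set to False are trustees you did not name; built-in administrative groups normally appear there with "All extended rights", so review only the entries you cannot account for.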
 

Author Comment

by:todd2112
ID: 20313989
How do I run the script?
0
 
LVL 1

Expert Comment

by:damelahn
ID: 20314128
If you already have DSACLS installed on your domain controller, all you need to do is type your modified line of text at the command prompt and press Enter. (See the examples for how to modify the text.)

0
 

Author Comment

by:todd2112
ID: 20314298
Am I supposed to be in the tools directory?
0
 
LVL 1

Expert Comment

by:damelahn
ID: 20314428
For Server 2003 you would change directory to this ->  C:\Program Files\Support Tools
Once the command prompt shows you are in that directory then type your modified text.
(this assumes you already have the support tools installed)  



0
 

Author Comment

by:todd2112
ID: 20314492
I appreciate your help. Like I said, I'm new to all this.
0
 

Author Comment

by:todd2112
ID: 20314593
I have c:\program files\windows resource kit\tools
0
 

Author Comment

by:todd2112
ID: 20314688
This is the command I type in. Tell me if you see anything wrong:

dsacls "cn=adminsdholder,cn=system,dc=richsmith,dc=com"/G"RICHSMITH\BESadmin:CA;Send As"
0
 

Author Comment

by:todd2112
ID: 20317030
Whenever I run this utility I get an error that says the command did not complete successfully. Any ideas?
0
