Solved

send as permision revoked for some users

Posted on 2007-11-18
11
511 Views
Last Modified: 2010-05-18
I'm new to the it world I am a project super and the IT part was handed over to me. My question is how do I go about doing this step by step please.

To correct the "Send As" issue I have outlined the steps below:

1. Stop the Blackberry Router service.

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

3. Run the following script:

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc=com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=local" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:  http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

4. Wait 20 minutes and then restart the BlackBerry Router service.

5. Restart the BES server.
0
Comment
Question by:todd2112
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
11 Comments
 
LVL 1

Expert Comment

by:damelahn
ID: 20313507
Is your problem with users who are admins or non-admins?

0
 

Author Comment

by:todd2112
ID: 20313524
admins
0
 
LVL 1

Accepted Solution

by:
damelahn earned 500 total points
ID: 20313652
OK.  I added some more details.  


1. Stop the Blackberry Router service.

(open Services on the server where BES is installed.)
(find BB Router and stop the service.)

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

(Open ADUC
Find desired user
Security tab
Advanced button
Sort by name
Look for BES with Send As permission.
If not there check the box that says "Allow inheritable permissions to propagate from parent"
Click APPLY.
BESadmin should now show up in the permission entries window.
Click OK. )

3. Run the following script:

(DSACLS is a command line tool.)
(open a command prompt on your domain controller and type the whole line of text.)
(be sure to insert your domain name and BES admin name in the right places.)

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc=com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=local" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:  http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

(Dsacls.exe is included with the Windows Support Tools. To install the Support Tools, run Setup.exe from the Support\Tools folder on the Windows Server 2003 or Windows 2000 Server CD-ROM.)

4. Wait 20 minutes and then restart the BlackBerry Router service.

(Remove battery from BB device for at least 20 minutes.)
(open Services on the server where BES is installed.)
(find BB Router and start the service.)

5. Restart the BES server.

(After 20 minutes replace battery in BB device and reboot BES server.)

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:todd2112
ID: 20313989
how do i  run the script
0
 
LVL 1

Expert Comment

by:damelahn
ID: 20314128
If you already have DCACLS installed on your domain controller all you need to do is type your modified line of text at the command prompt and press enter. (see the examples for how to modify the text)

0
 

Author Comment

by:todd2112
ID: 20314298
Am I suppose to be in the tools directory?
0
 
LVL 1

Expert Comment

by:damelahn
ID: 20314428
For Server 2003 you would change directory to this ->  C:\Program Files\Support Tools
Once the command prompt shows you are in that directory then type your modified text.
(this assumes you already have the support tools installed)  



0
 

Author Comment

by:todd2112
ID: 20314492
I appreciate your help like I said I'm new to all this
0
 

Author Comment

by:todd2112
ID: 20314593
I have c:\program files\windows resource kit\tools
0
 

Author Comment

by:todd2112
ID: 20314688
this is the command I type in tell me if you see anything wrong

dsacls "cn=adminsdholder,cn=system,dc=richsmith,dc=com"/G"RICHSMITH\BESadmin:CA;Send As"
0
 

Author Comment

by:todd2112
ID: 20317030
Whenever I run this utility  I get an error that says the command did not complete successfuly. Any Ideas?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

BlackBerry Enterprise Server (BES) 5 includes a new High Availability (HA) feature, which can be used to install a standby server that is failed over to in the event of maintenance or a disaster. This can be setup for auto failover, or simply used t…
BlackBerry can provide (arguably) the best global email delivery solution. That is, until something goes wrong at which point it can be a nightmare to troubleshoot. The log files on a BES can only be decoded by an expert and some of the errors that …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question