Solved

send as permision revoked for some users

Posted on 2007-11-18
11
506 Views
Last Modified: 2010-05-18
I'm new to the it world I am a project super and the IT part was handed over to me. My question is how do I go about doing this step by step please.

To correct the "Send As" issue I have outlined the steps below:

1. Stop the Blackberry Router service.

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

3. Run the following script:

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc=com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=local" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:  http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

4. Wait 20 minutes and then restart the BlackBerry Router service.

5. Restart the BES server.
0
Comment
Question by:todd2112
  • 7
  • 4
11 Comments
 
LVL 1

Expert Comment

by:damelahn
ID: 20313507
Is your problem with users who are admins or non-admins?

0
 

Author Comment

by:todd2112
ID: 20313524
admins
0
 
LVL 1

Accepted Solution

by:
damelahn earned 500 total points
ID: 20313652
OK.  I added some more details.  


1. Stop the Blackberry Router service.

(open Services on the server where BES is installed.)
(find BB Router and stop the service.)

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

(Open ADUC
Find desired user
Security tab
Advanced button
Sort by name
Look for BES with Send As permission.
If not there check the box that says "Allow inheritable permissions to propagate from parent"
Click APPLY.
BESadmin should now show up in the permission entries window.
Click OK. )

3. Run the following script:

(DSACLS is a command line tool.)
(open a command prompt on your domain controller and type the whole line of text.)
(be sure to insert your domain name and BES admin name in the right places.)

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc=com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=local" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:  http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

(Dsacls.exe is included with the Windows Support Tools. To install the Support Tools, run Setup.exe from the Support\Tools folder on the Windows Server 2003 or Windows 2000 Server CD-ROM.)

4. Wait 20 minutes and then restart the BlackBerry Router service.

(Remove battery from BB device for at least 20 minutes.)
(open Services on the server where BES is installed.)
(find BB Router and start the service.)

5. Restart the BES server.

(After 20 minutes replace battery in BB device and reboot BES server.)

0
 

Author Comment

by:todd2112
ID: 20313989
how do i  run the script
0
 
LVL 1

Expert Comment

by:damelahn
ID: 20314128
If you already have DCACLS installed on your domain controller all you need to do is type your modified line of text at the command prompt and press enter. (see the examples for how to modify the text)

0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:todd2112
ID: 20314298
Am I suppose to be in the tools directory?
0
 
LVL 1

Expert Comment

by:damelahn
ID: 20314428
For Server 2003 you would change directory to this ->  C:\Program Files\Support Tools
Once the command prompt shows you are in that directory then type your modified text.
(this assumes you already have the support tools installed)  



0
 

Author Comment

by:todd2112
ID: 20314492
I appreciate your help like I said I'm new to all this
0
 

Author Comment

by:todd2112
ID: 20314593
I have c:\program files\windows resource kit\tools
0
 

Author Comment

by:todd2112
ID: 20314688
this is the command I type in tell me if you see anything wrong

dsacls "cn=adminsdholder,cn=system,dc=richsmith,dc=com"/G"RICHSMITH\BESadmin:CA;Send As"
0
 

Author Comment

by:todd2112
ID: 20317030
Whenever I run this utility  I get an error that says the command did not complete successfuly. Any Ideas?
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Ever have trouble updating the ringtone settings on a Blackberry Curve? If so, here are the steps for changing your ringtone settings.  1. The Key is in the Profiles | Select 'Profiles' Icon The most interesting thing about changing your rington…
With the release of BlackBerry Enterprise Server (BES) 5.0 and the large amount of new features on offer, many administrators, IT architects and professionals will be looking very seriously (if not already considering) at migrating to, or deploying,…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now