Solved

send as permision revoked for some users

Posted on 2007-11-18
11
509 Views
Last Modified: 2010-05-18
I'm new to the it world I am a project super and the IT part was handed over to me. My question is how do I go about doing this step by step please.

To correct the "Send As" issue I have outlined the steps below:

1. Stop the Blackberry Router service.

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

3. Run the following script:

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc=com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=local" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:  http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

4. Wait 20 minutes and then restart the BlackBerry Router service.

5. Restart the BES server.
0
Comment
Question by:todd2112
  • 7
  • 4
11 Comments
 
LVL 1

Expert Comment

by:damelahn
ID: 20313507
Is your problem with users who are admins or non-admins?

0
 

Author Comment

by:todd2112
ID: 20313524
admins
0
 
LVL 1

Accepted Solution

by:
damelahn earned 500 total points
ID: 20313652
OK.  I added some more details.  


1. Stop the Blackberry Router service.

(open Services on the server where BES is installed.)
(find BB Router and stop the service.)

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

(Open ADUC
Find desired user
Security tab
Advanced button
Sort by name
Look for BES with Send As permission.
If not there check the box that says "Allow inheritable permissions to propagate from parent"
Click APPLY.
BESadmin should now show up in the permission entries window.
Click OK. )

3. Run the following script:

(DSACLS is a command line tool.)
(open a command prompt on your domain controller and type the whole line of text.)
(be sure to insert your domain name and BES admin name in the right places.)

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=com " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc=com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=local" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:  http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

(Dsacls.exe is included with the Windows Support Tools. To install the Support Tools, run Setup.exe from the Support\Tools folder on the Windows Server 2003 or Windows 2000 Server CD-ROM.)

4. Wait 20 minutes and then restart the BlackBerry Router service.

(Remove battery from BB device for at least 20 minutes.)
(open Services on the server where BES is installed.)
(find BB Router and start the service.)

5. Restart the BES server.

(After 20 minutes replace battery in BB device and reboot BES server.)

0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:todd2112
ID: 20313989
how do i  run the script
0
 
LVL 1

Expert Comment

by:damelahn
ID: 20314128
If you already have DCACLS installed on your domain controller all you need to do is type your modified line of text at the command prompt and press enter. (see the examples for how to modify the text)

0
 

Author Comment

by:todd2112
ID: 20314298
Am I suppose to be in the tools directory?
0
 
LVL 1

Expert Comment

by:damelahn
ID: 20314428
For Server 2003 you would change directory to this ->  C:\Program Files\Support Tools
Once the command prompt shows you are in that directory then type your modified text.
(this assumes you already have the support tools installed)  



0
 

Author Comment

by:todd2112
ID: 20314492
I appreciate your help like I said I'm new to all this
0
 

Author Comment

by:todd2112
ID: 20314593
I have c:\program files\windows resource kit\tools
0
 

Author Comment

by:todd2112
ID: 20314688
this is the command I type in tell me if you see anything wrong

dsacls "cn=adminsdholder,cn=system,dc=richsmith,dc=com"/G"RICHSMITH\BESadmin:CA;Send As"
0
 

Author Comment

by:todd2112
ID: 20317030
Whenever I run this utility  I get an error that says the command did not complete successfuly. Any Ideas?
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
BDS10 License Expired 9 614
BES 5.0.4 and BES 10.1 Co-Existence 10 1,664
Blackberry 10 Upgrades 5 550
Changing Blackberry Phone on AT&T 4 421
Ever have trouble updating the ringtone settings on a Blackberry Curve? If so, here are the steps for changing your ringtone settings.  1. The Key is in the Profiles | Select 'Profiles' Icon The most interesting thing about changing your rington…
It still surprises me how many businesses have many of their staff constantly away from the office needing reliable Internet, and without realising it, the answers been in their pocket the whole time! I’m talking, of course, about the phenomenon …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question