A user at my company has recently migrated to using a Blackberry device. For this to work correctly they need to have the 'Send As' permission granted to the BESAdmin account used by the Blackberry Enterprise Server software. No worries there.
I've granted the appropriate permissions and things work fine for a while. Then, after a seemingly random period of time, the permissions I set are reverting back to what they were before I made the changes. I'm setting inheritance on the account's security as the correct permissions are defined at the OU parent level and are being applied to everyone else in this user's OU. They're getting the settings too but only for a while.
It's not Group Policy as I have the same policies applied to me and my Blackberry device works fine. I've trawled through 'gpresult' to see any some settings are not being applied but everything looks fine there. FRS, DNS and all other AD repliation-related aspects of our AD are working fine. There are no scheduled tasks anywhere that might be changing these permissions - I thought that might be something setup by an admin before me but that's not the case.
How else can security settings revert back to previous settings if it's not Group Policy causing it and if the user's account has been told to inherit from the parent settings?
And, just to make things worse, it's our CEO's account with the problem ... yeesh.
Can anyone help or make suggestions? It's worth 500 points to me so I'm willing to hear anything y'all have to say. :)