I have little knowledge of exactly how Microsoft designed security but I take every opportunity I can to learn; my current issue though has not been a pleasant experience, to say the least. The short story is I'm migrating to BES 5.0.2 and I'm having issues with Send As, which I'm sure is no shock to anyone; I mean, RIM has a website dedicated to the exact issue (www.blackberry.com/sendas). I set up the new BES with the suggested account, BESAdmin, and set the Send As permissions according to RIM's Install and Configuration Guide and verified the Send As permission was set at the top level, but here's where the issue started. I migrated two users over to the new BES box and right away they couldn't send from their handsets. I went back into AD and noticed right away that Send As for BESAdmin had been revoked. I checked 'allow inheritable permissions' on a domain user and waited 40 minutes; when I came back the check was removed. My first thought was that user was part of a protected group but they're not...I think. I added the permission to AdminSDHolder but that revokes permissions as well.
My main question is this: how do I find out if a user is part of a protected group? RIM is no help at this point, even after being escalated twice.
Any help is greatly appreciated!
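
One way to check the question asked above, as an added example that is not part of the original post: it reports a user's `adminCount`, whether inheritance is disabled on the account, and every `adminCount=1` group the user belongs to directly or through nesting. It assumes the ActiveDirectory PowerShell module and read access to the domain; the function name `Get-ProtectedGroupMembership` and the account name in the last line are hypothetical.

```powershell
# Added example, not from the original post.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

function Get-ProtectedGroupMembership {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [string]$SamAccountName
    )

    $user = Get-ADUser -Identity $SamAccountName `
        -Properties adminCount, nTSecurityDescriptor

    # Escape characters that are special inside an LDAP filter value
    # (RFC 4515). The backslash must be handled first.
    $dn = $user.DistinguishedName `
        -replace '\\', '\5c' `
        -replace '\*', '\2a' `
        -replace '\(', '\28' `
        -replace '\)', '\29'

    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) follows nested
    # membership, so this finds adminCount=1 groups the user is in directly
    # or through any chain of groups.
    $filter = "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$dn))"
    $groups = @(Get-ADGroup -LDAPFilter $filter)

    [pscustomobject]@{
        User               = $user.SamAccountName
        AdminCount         = $user.adminCount
        # True means "allow inheritable permissions" is unchecked.
        InheritanceBlocked = $user.nTSecurityDescriptor.AreAccessRulesProtected
        ProtectedGroups    = @($groups | ForEach-Object { $_.Name })
    }
}

# Constructed sample account name; replace with a migrated BES user.
Get-ProtectedGroupMembership -SamAccountName 'jdoe'
```

An account can show `AdminCount` of 1 with an empty `ProtectedGroups` list: `adminCount` is not cleared when a user is removed from a protected group, so the flag and the disabled inheritance can be left over from past membership.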