Solved

Blackberry Enterprise Send As Issues

Posted on 2011-03-12
4
390 Views
Last Modified: 2012-05-11
I have little knowledge of exactly how Microsoft designed security but I take every opportunity I can to learn; my current issue though has not been a pleasant experience to say the least.  The short story is I'm migrating to BES 5.0.2 and I'm having issues with Send As which I'm sure is no shock to anyone, I mean RIM has a website dedicated to the exact issue (www.blackberry.com/sendas).  I setup the new BES with the suggested account, BESAdmin, and set the Send As permissions according to RIM's Install and Configuration Guide and verified the Send As permission was set at the top level but here's where the issue started.  I migrated two users over to the new BES box and right away they couldn't send from their handsets.  I went back into AD and noticed right away that Send As for BESAdmin had been revoked.  I checked 'allow inheritable permissions' on a domain user and waited 40 minutes, when I came back the check was removed.  My first thought was that user was part of a protected group but they're not...I think.  I added the permission to AdminSDHolder but that revokes permissions as well.

My main question is this, how do I find out if a user is part of a protected group?  RIM is no help at this point, even after being escalated twice.

Any help is greatly appreciated!
0
Comment
Question by:Ryat66
  • 2
4 Comments
 
LVL 7

Expert Comment

by:droyden
ID: 35116123
Protect groups are administrators/domain admins etc, if they are part of these groups they may have issues with BES and sendas..
0
 

Author Comment

by:Ryat66
ID: 35116277
I wasn't clear at first, my question is whether or not you can create a protected group or does a protected group just refer to the Windows defaults (domain admins, schema admins, etc.)?

I should also mention that the current BES uses the domain admin user as the service account.  According to the company president they've never had an issue with calendar sync or anything else.  Doesn't that seem odd?  According to RIM we should have had issues from day one.

Anyway, that suggests to me that the last person that setup BES went through the same issues I am and finally said <insert expletive> it, I'm going to use 'admin' as the BES service account and call it a day.
0
 
LVL 4

Expert Comment

by:sachin5333
ID: 35198056
0
 
LVL 4

Accepted Solution

by:
sachin5333 earned 500 total points
ID: 35198109
If you want to check for the User and the ssign group,

> Right click on Users AD account
> Go to "Members of"
> The list of group are visible in this pane.

> As a Bes user the user should not be a pert of power and administrative groups.

Also check with the policy, in some cases the policy reflect on the users and it will forcefully remove the special rights assign to users.

Create differant OU in AD and do not allow any policy on that OU.
Create Test user, assign all require rights check after 30 mins. If there are no changes then move BB users to that OU.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question