Solved

Blackberry Enterprise Send As Issues

Posted on 2011-03-12
Last Modified: 2012-05-11
I have little knowledge of exactly how Microsoft designed security, but I take every opportunity I can to learn; my current issue, though, has not been a pleasant experience, to say the least. The short story is I'm migrating to BES 5.0.2 and I'm having issues with Send As, which I'm sure is no shock to anyone; I mean, RIM has a website dedicated to the exact issue (www.blackberry.com/sendas). I set up the new BES with the suggested account, BESAdmin, set the Send As permissions according to RIM's Install and Configuration Guide, and verified the Send As permission was set at the top level, but here's where the issue started. I migrated two users over to the new BES box and right away they couldn't send from their handsets. I went back into AD and noticed right away that Send As for BESAdmin had been revoked. I checked 'allow inheritable permissions' on a domain user and waited 40 minutes; when I came back the check was removed. My first thought was that the user was part of a protected group, but they're not... I think. I added the permission to AdminSDHolder, but that revokes permissions as well.

My main question is this: how do I find out if a user is part of a protected group? RIM is no help at this point, even after being escalated twice.

Any help is greatly appreciated!
Question by:Ryat66

Expert Comment

by:droyden
ID: 35116123
Protected groups are Administrators/Domain Admins etc.; if they are part of these groups they may have issues with BES and Send As.
 

Author Comment

by:Ryat66
ID: 35116277
I wasn't clear at first; my question is whether or not you can create a protected group, or does a protected group just refer to the Windows defaults (Domain Admins, Schema Admins, etc.)?

I should also mention that the current BES uses the domain admin user as the service account.  According to the company president they've never had an issue with calendar sync or anything else.  Doesn't that seem odd?  According to RIM we should have had issues from day one.

Anyway, that suggests to me that the last person that set up BES went through the same issues I am and finally said <insert expletive> it, I'm going to use 'admin' as the BES service account and call it a day.

Expert Comment

by:sachin5333
ID: 35198056

Accepted Solution

by:
sachin5333 earned 500 total points
ID: 35198109
If you want to check the user and the assigned groups:

> Right-click on the user's AD account
> Go to "Members of"
> The list of groups is visible in this pane.

> As a BES user, the user should not be a part of power and administrative groups.

Also check the policy; in some cases the policy reflects on the users and will forcibly remove the special rights assigned to users.

Create a different OU in AD and do not allow any policy on that OU.
Create a test user, assign all required rights, and check after 30 mins. If there are no changes, then move the BB users to that OU.

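An added example, not part of the original thread or of RIM's documentation: a PowerShell check for the question asked above, covering nested membership in protected groups (which the group list in the account's properties does not show), the inheritance flag, and the Send As entry. It assumes the ActiveDirectory module is installed; the function name `Test-AdminSDHolderProtection` and the sample account `jdoe` are hypothetical, and `BESAdmin` is the service account named in the question.

```powershell
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl

function Test-AdminSDHolderProtection {
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [string]$ServiceAccount = 'BESAdmin'   # account name taken from the question
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties adminCount
    $dn   = $user.DistinguishedName

    # Escape LDAP filter metacharacters in the DN (backslash first).
    $dnEsc = $dn -replace '\\', '\5c' -replace '\(', '\28' -replace '\)', '\29' -replace '\*', '\2a'

    # Protected groups carry adminCount=1. Matching rule 1.2.840.113556.1.4.1941
    # (LDAP_MATCHING_RULE_IN_CHAIN) follows nested membership as well as direct.
    $filter = "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$dnEsc))"
    $groups = @(Get-ADGroup -LDAPFilter $filter | Select-Object -ExpandProperty Name)

    # On protected accounts inheritance is switched off and the ACL is replaced
    # with the one on AdminSDHolder, so an inherited Send As entry disappears.
    $acl = Get-Acl -Path ("AD:\" + $dn)

    # Send As is an extended right identified by this well-known GUID.
    $sendAsGuid = [guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'
    $extRight   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $sendAs = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq $sendAsGuid -and
        ($_.ActiveDirectoryRights -band $extRight) -and
        $_.IdentityReference -like "*\$ServiceAccount"
    })

    New-Object PSObject -Property @{
        User                = $user.SamAccountName
        # adminCount is not reset when a user leaves a protected group, so a
        # value of 1 with an empty group list means "was protected once".
        AdminCount          = $user.adminCount
        ProtectedGroups     = $groups -join '; '
        InheritanceDisabled = $acl.AreAccessRulesProtected
        SendAsGranted       = ($sendAs.Count -gt 0)
        SendAsInherited     = (@($sendAs | Where-Object { $_.IsInherited }).Count -gt 0)
    }
}

# 'jdoe' is a placeholder account name.
Test-AdminSDHolderProtection -SamAccountName 'jdoe' | Format-List
```

The in-chain query follows the `member` attribute only, so a protected group that is set as the account's primary group will not appear in `ProtectedGroups`.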