02-02-2009, 10:56 PM
|
 |
Proprietor
|
|
Join Date: Nov 2008
Posts: 2,237
|
|
KB05035 - Permissions needed for remote administration of the BES
KB05035 - Permissions needed for remote administration of the BlackBerry Enterprise Server
Environment
- BlackBerry® Enterprise Server software version 3.5 through 4.1 for Microsoft® Exchange
Overview
This article outlines the permissions needed for remote administration of the following BlackBerry Enterprise Server software versions:
BlackBerry Enterprise Server 4.1
Use BlackBerry Manager to assign the administration role to the remote administration account. This adds permissions on the BlackBerry Configuration Database and does not make any modifications to the permissions within Microsoft® Active Directory® or Microsoft Exchange for the remote administration account.
The administration account used to assign the administration roles must be a system administrator on the Microsoft® SQL Server™. Using the correct administration account will make sure that remote administration accounts are assigned the correct Microsoft SQL Server permissions when they are created in BlackBerry Manager.
For an overview of the roles and role-based administration, see KB04889.
To assign administration roles on the BlackBerry Enterprise Server 4.1, complete the following steps:
- Open BlackBerry Manager.
- Click on BlackBerry Domain.
- Select the Role Administration tab.
- Add the administration account information with the format Domain\Username and click OK.
For more information on specific permissions for the roles, see the "Appendix: Role Matrix" section of the System Administration Guide for BlackBerry Enterprise Server for Microsoft Exchange 4.1.
BlackBerry Enterprise Server 4.0
Using Microsoft Exchange 5.5
- Grant the administration account View Only Admin at the Site level, and Admin Role at the Recipients container via Exchange Administrator.
- Assign permissions to the BlackBerry Configuration Database to the administration account. To do this, grant it Local Administrator access on the computer on which the BlackBerry Configuration Database is installed, or DB_Owner rights to the BlackBerry Configuration Database.
Using Microsoft Exchange 2000 or 2003
- Assign Exchange View Only Administrator rights at the First Administrative Group level to the administration account running the remote BlackBerry Manager.
- Within Exchange System Manager, expand Administrative Groups.
- Right-click First Administrative Group.
- Select Delegate Control.
- Give the administration account the role of Exchange View Only Administrator rights.
- Complete the following steps for every Mailbox Store and every Microsoft Exchange Server:
- In Exchange System Manager, expand Administrative Groups > First Administrative Group > Servers.
- Right-click the selected server and select Properties.
- Click the Security tab and select the administration account.
- For the administration account, verify that Allow is selected for Administer Information Store rights.
- Assign permissions to the BlackBerry Configuration Database to the administration account. To do this, grant it Local Administrator access on the computer on which the BlackBerry Configuration Database is installed, or DB_Owner rights to the BlackBerry Configuration Database.
BlackBerry Enterprise Server 3.5 and 3.6
Using Microsoft Exchange 5.5
- Grant the administration account View Only Admin at the Site level, Admin Role at the Recipients container, and User Role to the BlackBerry service account mailbox via Exchange Administrator.
- The account will require permissions for the BlackBerry Configuration Database. Either grant it Local Administrator access on the computer on which the BlackBerry Configuration Database is installed, or grant it DB_Owner rights to the BlackBerry Configuration Database.
Using Microsoft Exchange 2000 or 2003
- Through the Active Directory Users and Computers window, grant the administration account running the remote BlackBerry Enterprise Server Management console Full Mailbox access to the BlackBerry service account mailbox.
- Assign Exchange View Only Administrator rights at the First Administrative Group level to the administration account running the remote BlackBerry Enterprise Server Management console.
- Within Exchange System Manager, expand Administrative Groups.
- Right-click First Administrative Group.
- Select Delegate Control.
- Give the administration account the role of Exchange View Only Administrator rights.
- Complete the following steps for every Mailbox Store and every Microsoft Exchange Server:
- In Exchange System Manager, expand Administrative Groups > First Administrative Group > Servers.
- Right-click the selected server and select Properties.
- Click the Security tab and select the administration account.
- For the administration account, verify that Allow is selected for Administer Information Store rights.
__________________
http://blog.port3101.org/hdawg/
The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.
|
Linear Mode
