BlackBerry Forums Support Community               

Old 06-27-2008, 09:56 AM   #1 (permalink)
New Member
 
Join Date: Jun 2008
Model: 8700G
PIN: N/A
Carrier: T-Mobile
Posts: 2
Limiting BES Admin Access By OU

Hi everyone,

We manage Exchange and BES for another company that has their AD structure broken down by OU so that each OU has its own administrator that has full rights over all the users under their respective OUs. We want to delegate rights to those administrators to add/remove users and reset enterprise activation passwords so they don't have to keep asking us for every BES change they wish to perform.

The customer's requirement is that the administrators only have BES admin access to their specific OU and not to any other OUs. Currently I don't see a way to do this on BES 4.1 SP5. In other words, even if we add someone to the Jr or Sr helpdesk roles, they will have access to reset BES passwords and add/remove users from other OUs as well as their own.

Is there a way we can make this happen? Or, if this isn't possible, is there a way we can log BES user additions/removals and password resets by administrators?
Old 06-27-2008, 09:58 AM   #2 (permalink)
BlackBerry Genius
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632

Quote:
Originally Posted by jason331 View Post
Hi everyone,

We manage Exchange and BES for another company that has their AD structure broken down by OU so that each OU has its own administrator that has full rights over all the users under their respective OUs. We want to delegate rights to those administrators to add/remove users and reset enterprise activation passwords so they don't have to keep asking us for every BES change they wish to perform.

The customer's requirement is that the administrators only have BES admin access to their specific OU and not to any other OUs. Currently I don't see a way to do this on BES 4.1 SP5. In other words, even if we add someone to the Jr or Sr helpdesk roles, they will have access to reset BES passwords and add/remove users from other OUs as well as their own.

Is there a way we can make this happen? Or, if this isn't possible, is there a way we can log BES user additions/removals and password resets by administrators?
Welcome!

What you're looking to do can't be done with roles or through the BlackBerry Manager.

Your best bet would be to build a web app or some other app using the BlackBerry Resource Kit User Administration Service / Client, and taking the security model out of the realm of BES and putting the onus on AD Groups / Permissions.
Old 06-27-2008, 10:14 AM   #3 (permalink)
New Member
 
Join Date: Jun 2008
Model: 8700G
PIN: N/A
Carrier: T-Mobile
Posts: 2

That's what I thought... bummer.

How about at least logging password resets and user additions/removals?
Old 06-30-2008, 07:00 AM   #4 (permalink)
BlackBerry Genius
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632

Quote:
Originally Posted by jason331 View Post
That's what I thought... bummer.

How about at least logging password resets and user additions/removals?
I wish I could say the BRK Tool AdminHistory.exe would do this for you but it really won't ...

Your best bet to effectively manage this would be to set up / build an application to do it for you.
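
Added example, not part of the original posts and not BlackBerry or Resource Kit code: a sketch of the authorization and audit gate that a custom front end of the kind suggested in this thread could apply before it makes any BES change. The admin names, the `ADMIN_SCOPE` table, the action names and the DNs are constructed for illustration, and the BES call itself is left to the caller.

```python
import json
import time

# Constructed sample: the OU each delegated admin owns. A real front end would
# derive this from AD group membership instead of a hard-coded table.
ADMIN_SCOPE = {
    "east-admin": "OU=East,DC=example,DC=com",
    "west-admin": "OU=West,DC=example,DC=com",
}
ALLOWED_ACTIONS = {"add_user", "remove_user", "reset_activation_password"}

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip().lower() for p in parts]

def in_scope(user_dn, ou_dn):
    """True only if user_dn sits beneath ou_dn, compared RDN by RDN."""
    user, ou = split_dn(user_dn), split_dn(ou_dn)
    return len(user) > len(ou) and user[-len(ou):] == ou

def authorize(admin, action, user_dn, audit_log):
    """Record the decision for every request, then return it.

    The caller performs the actual BES change only when this returns True.
    """
    scope = ADMIN_SCOPE.get(admin)
    allowed = (action in ALLOWED_ACTIONS and scope is not None
               and in_scope(user_dn, scope))
    audit_log.append(json.dumps({
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "admin": admin, "action": action,
        "target": user_dn, "allowed": allowed,
    }))
    return allowed
```

Comparing whole RDNs rather than using a string suffix match means an OU whose name contains an escaped `,OU=East` is not mistaken for a child of `OU=East`, and denied requests are logged alongside allowed ones.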
Copyright 2004-2016 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.