Is it okay for a regular domain account to log-in to BES and administer it? would there be any conflicts or any pre-requisites before doins so?

Right now Im using my besadmin account to log-in to my BES but I want to change it to just my regular domain account (which has Domain Admin Rights.)

Ill search for docs proving that this is possible (or impossible)...

Dont do it! It will break things.

I 2nd what Knotty says! That would cause problems.

thanks for the quick response guys, can you give me links on the knowledge base center that could possibly point to doing this could cause "problems"

*i need to justify this to our management, y'know*

You're not going to find any official documentations which explicitly says "Don't do this because...."
I know by common sense that I shouldn't let my cat chew through my laptop's power cable... but I'm not going to find anything in the user guide which tells me that.

The documentation will tell you what you should do, not what you shouldn't do.

I just re-read your post:

Are you asking if you can log in with your network login credentials, and administer the BES? Or are you asking if you can change the service account (BESAdmin) to a different user, that is a member of the Domain Admins?

hmm I saw in a documentation regarding the Installation of BES that I should log-in as the BES service account (with proper local admin rights and database rights..) - this alone would be enough to tell me that in future log-ins I should use the BES service account...

although what I am looking for is something like a case study or a troubleshooting scenario in the knowledge base which indicates:

"Do Not Use Any Other Domain Accounts Other than the Service Account" as a SOLUTION..

Anyway, thanks guys, this thread is helping a lot, hope I find what I am looking for- I need to prove my choice of action to our management- as they are imposing that logging-in as a service account is a probably security risk..(so they say..)

Are you asking if you can log in with your network login credentials, and administer the BES? <----- THIS ONE

In that case... then yes, definitely.
Use Role Based Administration. This is available with BES 4.1 and later.
http://www.port3101.org/featured-bla...ation-bes.html

http://www.blackberry.com/btsc/searc...rnalId=KB04889

This is all I need to do?

BlackBerry Enterprise Server 4.1
Use BlackBerry Manager to assign the administration role to the remote administration account. This adds permissions on the BlackBerry Configuration Database and does not make any modifications to the permissions within Microsoft® Active Directory® or Microsoft Exchange for the remote administration account.
The administration account used to assign the administration roles must be a system administrator on the Microsoft® SQL Serverxxx8482;. Using the correct administration account will make sure that remote administration accounts are assigned the correct Microsoft SQL Server permissions when they are created in BlackBerry Manager.
For an overview of the roles and role-based administration, see KB04889.
To assign administration roles on the BlackBerry Enterprise Server 4.1, complete the following steps:

1. Open BlackBerry Manager.
2. Click on BlackBerry Domain.
3. Select the Role Administration tab.
4. Add the administration account information with the format Domain\Username and click OK.


quite simple, let me check further (by the way the other link doesn't work anymore)

THANKS PENGUIN! indeed a genius!

stupid question: instead of just a single account I can add a security group to this right? (there are a lot of Tier 1 support colleagues here..)

UPDATE UPDATE:

ok so I added the domain security group I created and had all my Tier 1 and Tier 2 colleagues as a member then placed them with a role of Admin_Enteprise..

Logging in now as a Tier 1 user:
I start BB Manager and it asked for the MAPI profile, so I just placed the MAPI details of the Service account then I got the error window:

Failed to open the default message store using the MAPI profile 'BlackberryManager'. Please review the log for details. You will not be able to send messages from BlackberryManager ny email.

Ok so, I can add/remove users in the BB Manager I can set enterprise activation passwords, and all the basic administration tasks..but, indeed error comes up when I try to send an email message to a user..- if this is the only negative effect I probably can do without this, but I am worried there's more than meets the eye..hope Im wrong..

BES 4.1.6 / Exchange 2000 & 2007 / SQL 2000 / 2750 users.
I have numerous Tier 1 & 2 BB Manager on their desktops pointed to the SQL db with Static SQL auth set up for Roles based admin. I also gave each of them access to the BES admin mail account (via security group) to avoid the mapi failure at logon.

ahh i see! as simple as putting access to bes admin mailbox rights to Tier 1 colleagues..Thanks!

Let me try later...

I would suffice to say that you install BES as BESadmin account and if you need to re-configure something after the fact, to use the BESadmin account still.

(that is if you aren't using roll based administration)

You can install the BlackBerry Manager locally on your desktop so that you don't need to log into the server at all and still administer the BES. But you will need to assign some accounts to be able to administer the server (as mentioned above with the roles based admin). But they wont have to have access to the server directly. Or you can give everyone the BES admin account info and let them use the manager locally (although I would not recommend that if there are a lot of users).

But anytime that you log into the BES directly/physically you will need to log in with the service account (or should anyway).

JUST MAKE SURE that you are on the SAME version BlackBerry Manager locally as you are on your server! This is very important! You can mess up the BES DB if they are different!