BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 04-02-2009, 12:51 PM   #1 (permalink)
Thumbs Must Hurt
 
Join Date: May 2008
Location: Manila, Phils
Model: 8320
PIN: N/A
Carrier: Smart Communications PH
Posts: 97
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Account to Log-in to BES and Administer

Please Login to Remove!

Is it okay for a regular domain account to log-in to BES and administer it? would there be any conflicts or any pre-requisites before doins so?

Right now Im using my besadmin account to log-in to my BES but I want to change it to just my regular domain account (which has Domain Admin Rights.)

Ill search for docs proving that this is possible (or impossible)...
Offline  
Old 04-02-2009, 12:57 PM   #2 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,722
Post Thanks: 272
Thanked 289 Times in 273 Posts
Default

Dont do it! It will break things.
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10
Online  
Old 04-02-2009, 01:04 PM   #3 (permalink)
Thumbs Must Hurt
 
Join Date: Mar 2009
Model: 8330
PIN: N/A
Carrier: VZW
Posts: 122
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I 2nd what Knotty says! That would cause problems.
Offline  
Old 04-02-2009, 02:59 PM   #4 (permalink)
Thumbs Must Hurt
 
Join Date: May 2008
Location: Manila, Phils
Model: 8320
PIN: N/A
Carrier: Smart Communications PH
Posts: 97
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

thanks for the quick response guys, can you give me links on the knowledge base center that could possibly point to doing this could cause "problems"

*i need to justify this to our management, y'know*
Offline  
Old 04-02-2009, 03:09 PM   #5 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

You're not going to find any official documentations which explicitly says "Don't do this because...."
I know by common sense that I shouldn't let my cat chew through my laptop's power cable... but I'm not going to find anything in the user guide which tells me that.

The documentation will tell you what you should do, not what you shouldn't do.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 04-02-2009, 03:17 PM   #6 (permalink)
Thumbs Must Hurt
 
Join Date: Mar 2009
Model: 8330
PIN: N/A
Carrier: VZW
Posts: 122
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by cyberkamote View Post
Is it okay for a regular domain account to log-in to BES and administer it? would there be any conflicts or any pre-requisites before doins so?

Right now Im using my besadmin account to log-in to my BES but I want to change it to just my regular domain account (which has Domain Admin Rights.)
I just re-read your post:

Are you asking if you can log in with your network login credentials, and administer the BES? Or are you asking if you can change the service account (BESAdmin) to a different user, that is a member of the Domain Admins?
Offline  
Old 04-02-2009, 03:19 PM   #7 (permalink)
Thumbs Must Hurt
 
Join Date: May 2008
Location: Manila, Phils
Model: 8320
PIN: N/A
Carrier: Smart Communications PH
Posts: 97
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

hmm I saw in a documentation regarding the Installation of BES that I should log-in as the BES service account (with proper local admin rights and database rights..) - this alone would be enough to tell me that in future log-ins I should use the BES service account...

although what I am looking for is something like a case study or a troubleshooting scenario in the knowledge base which indicates:

"Do Not Use Any Other Domain Accounts Other than the Service Account" as a SOLUTION..

Anyway, thanks guys, this thread is helping a lot, hope I find what I am looking for- I need to prove my choice of action to our management- as they are imposing that logging-in as a service account is a probably security risk..(so they say..)
Offline  
Old 04-02-2009, 03:20 PM   #8 (permalink)
Thumbs Must Hurt
 
Join Date: May 2008
Location: Manila, Phils
Model: 8320
PIN: N/A
Carrier: Smart Communications PH
Posts: 97
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by -EOS- View Post
I just re-read your post:

Are you asking if you can log in with your network login credentials, and administer the BES? Or are you asking if you can change the service account (BESAdmin) to a different user, that is a member of the Domain Admins?
Are you asking if you can log in with your network login credentials, and administer the BES? <----- THIS ONE
Offline  
Old 04-02-2009, 03:26 PM   #9 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Quote:
Originally Posted by cyberkamote View Post
Are you asking if you can log in with your network login credentials, and administer the BES? <----- THIS ONE
In that case... then yes, definitely.
Use Role Based Administration. This is available with BES 4.1 and later.
http://www.port3101.org/featured-bla...ation-bes.html

http://www.blackberry.com/btsc/searc...rnalId=KB04889
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org

Last edited by penguin3107 : 04-02-2009 at 03:27 PM.
Offline  
Old 04-02-2009, 03:33 PM   #10 (permalink)
Thumbs Must Hurt
 
Join Date: May 2008
Location: Manila, Phils
Model: 8320
PIN: N/A
Carrier: Smart Communications PH
Posts: 97
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is all I need to do?

BlackBerry Enterprise Server 4.1
Use BlackBerry Manager to assign the administration role to the remote administration account. This adds permissions on the BlackBerry Configuration Database and does not make any modifications to the permissions within Microsoft® Active Directory® or Microsoft Exchange for the remote administration account.
The administration account used to assign the administration roles must be a system administrator on the Microsoft® SQL Serverxxx8482;. Using the correct administration account will make sure that remote administration accounts are assigned the correct Microsoft SQL Server permissions when they are created in BlackBerry Manager.
For an overview of the roles and role-based administration, see KB04889.
To assign administration roles on the BlackBerry Enterprise Server 4.1, complete the following steps:

1. Open BlackBerry Manager.
2. Click on BlackBerry Domain.
3. Select the Role Administration tab.
4. Add the administration account information with the format Domain\Username and click OK.


quite simple, let me check further (by the way the other link doesn't work anymore)

THANKS PENGUIN! indeed a genius!
Offline  
Old 04-02-2009, 03:47 PM   #11 (permalink)
Thumbs Must Hurt
 
Join Date: May 2008
Location: Manila, Phils
Model: 8320
PIN: N/A
Carrier: Smart Communications PH
Posts: 97
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

stupid question: instead of just a single account I can add a security group to this right? (there are a lot of Tier 1 support colleagues here..)

UPDATE UPDATE:

ok so I added the domain security group I created and had all my Tier 1 and Tier 2 colleagues as a member then placed them with a role of Admin_Enteprise..

Logging in now as a Tier 1 user:
I start BB Manager and it asked for the MAPI profile, so I just placed the MAPI details of the Service account then I got the error window:

Failed to open the default message store using the MAPI profile 'BlackberryManager'. Please review the log for details. You will not be able to send messages from BlackberryManager ny email.

Ok so, I can add/remove users in the BB Manager I can set enterprise activation passwords, and all the basic administration tasks..but, indeed error comes up when I try to send an email message to a user..- if this is the only negative effect I probably can do without this, but I am worried there's more than meets the eye..hope Im wrong..

Last edited by cyberkamote : 04-02-2009 at 04:00 PM.
Offline  
Old 04-02-2009, 08:06 PM   #12 (permalink)
Knows Where the Search Button Is
 
Join Date: May 2007
Location: Pennsylvania
Model: 9530
PIN: N/A
Carrier: Verizon
Posts: 19
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

BES 4.1.6 / Exchange 2000 & 2007 / SQL 2000 / 2750 users.
I have numerous Tier 1 & 2 BB Manager on their desktops pointed to the SQL db with Static SQL auth set up for Roles based admin. I also gave each of them access to the BES admin mail account (via security group) to avoid the mapi failure at logon.
__________________
4 x BES 4.1.6
E2K & E2K7
3600 BB's
Offline  
Old 04-03-2009, 01:22 PM   #13 (permalink)
Thumbs Must Hurt
 
Join Date: May 2008
Location: Manila, Phils
Model: 8320
PIN: N/A
Carrier: Smart Communications PH
Posts: 97
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by SKaestle View Post
BES 4.1.6 / Exchange 2000 & 2007 / SQL 2000 / 2750 users.
I have numerous Tier 1 & 2 BB Manager on their desktops pointed to the SQL db with Static SQL auth set up for Roles based admin. I also gave each of them access to the BES admin mail account (via security group) to avoid the mapi failure at logon.

ahh i see! as simple as putting access to bes admin mailbox rights to Tier 1 colleagues..Thanks!

Let me try later...
Offline  
Old 04-03-2009, 01:52 PM   #14 (permalink)
Talking BlackBerry Encyclopedia
 
sniffs's Avatar
 
Join Date: May 2008
Model: 8310
PIN: N/A
Carrier: AT&T
Posts: 230
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

I would suffice to say that you install BES as BESadmin account and if you need to re-configure something after the fact, to use the BESadmin account still.

(that is if you aren't using roll based administration)
__________________
Your lack of planning is not my emergency.
Offline  
Old 04-21-2009, 04:21 PM   #15 (permalink)
New Member
 
Join Date: Mar 2009
Model: 8320
PIN: N/A
Carrier: T-Mobile
Posts: 2
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default One more thing to keep in mind...

You can install the BlackBerry Manager locally on your desktop so that you don't need to log into the server at all and still administer the BES. But you will need to assign some accounts to be able to administer the server (as mentioned above with the roles based admin). But they wont have to have access to the server directly. Or you can give everyone the BES admin account info and let them use the manager locally (although I would not recommend that if there are a lot of users).

But anytime that you log into the BES directly/physically you will need to log in with the service account (or should anyway).

JUST MAKE SURE that you are on the SAME version BlackBerry Manager locally as you are on your server! This is very important! You can mess up the BES DB if they are different!
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.