BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 03-19-2007, 07:08 AM   #1 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default Who has admin access to your BES?

Please Login to Remove!

For you BES Admins, I'm curious who has access to your BES servers - just you (or your team), or does your Helpdesk? Or, if you have a BES that is overseas (or in the US, if you are in Europe/Asia), does a person local to the physical server have access to add/remove users?

Reason I'm asking is we have 4 BES servers - 1 in the US (largest with 445 users), 1 in Calgary, 1 in Ahlen, and 1 in Pudong. All of them are v. 4.0.6.

Our Helpdesk has access (via the svc account) to the US BES - but they only perform user administration (add/remove users, change passwords, etc). Although they log in with the svc account, they do not do any other tasks on the server (including modifying the IT Policy, updating or creating software configs, etc). I was told by RIM that logging in with the svc account was the ONLY way to perform user admin, so that is why they are using the svc account.

For the servers in Ahlen and Pudong, local employees (some I.T., some not) had access to the servers (via the svc account). However, due to issues with those people creating new IT Policies and Software Configs, I have changed all of the svc account passwords and said that ALL user admin must go thru our Helpdesk - for any BES.

Big surprise - I'm getting some push back from the local Ahlen and Pudong employees (they will run this up the flagpole to the VP of I.T.).

I see this the same as any other system that users are managed - like Exchange. All user admin for Exchange is done by our Helpdesk. We don't allow local I.T. folks security to do this - it's all managed centrally.

So - back to my original question - who has access to administer your BES? And is it true that the only way to perform user administration is by logging in with the svc account (for v. 4.0.6)?

I am planning to upgrade to 4.1 soon, so will be able to grant user admin access to those who need it, but until then.......
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 03-19-2007, 08:43 AM   #2 (permalink)
Retired BlackBerryForums.com Moderator
 
d_fisher's Avatar
 
Join Date: Oct 2005
Location: Columbus, OH
Model: 9700
OS: SID 6.7
Carrier: AT&T
Posts: 4,455
Post Thanks: 0
Thanked 2 Times in 1 Post
Default

Our BES access is limited to the BES/Lotus Domino admin group. Part of this group is responsible for the hardware, software, and the overall functionality of the BES server. The other part of the admin group does the day to day administration such as creating/removing accounts, resetting passwords, etc.

I am the primary support person for ~2500 BlackBerry handhelds and I do not have access to our BES server. In our current model I do the troubleshooting and have a BES admin do what I need done on the server. After the upgrade to 4.1 this should change to streamline the support.
__________________
Doug

Remember, please try searching first!

Need a screenshot? ... Like JavaLoader?
Try using BBscreen .....Use JL_Cmder!
or BBScreenShooter!

[SIGPIC][/SIGPIC]
Offline  
Old 03-19-2007, 08:58 AM   #3 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

Interesting. Our Exchange team doesn't even have access to our BES servers (they don't want it, either). I am the main BES server admin for all 4 servers - hardware, software, overall functionality, but do have a backup.

The Helpdesk does the day to day stuff (and I do some of it when they get the odd troubleshooting issue). Thus far they have not overstepped their bounds with the full-blown access they have (ok, one guy did, but he's no longer here).
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 03-19-2007, 09:23 AM   #4 (permalink)
Talking BlackBerry Encyclopedia
 
ZeroKool's Avatar
 
Join Date: Aug 2006
Location: stl, MO
Model: 8330
PIN: nope
Carrier: verizon
Posts: 314
Post Thanks: 2
Thanked 0 Times in 0 Posts
Default

As far as BES goes it's me and a Domino Admin that manage the servers. About 6 servers with 300+ people. 1 remote. Anyone who has access (Domino Admins) can get on the server (if they know the password). It's easy having only 10-50 people per server. Makes troubleshooting allot easier and faster.
__________________
Me likey BlackBerry
Offline  
Old 03-19-2007, 11:35 AM   #5 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

Can either of you confirm that the ONLY way to perform user admin is to log onto the server as the service account?
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 03-19-2007, 11:40 AM   #6 (permalink)
New Member
 
Join Date: Feb 2007
Location: Somewhere on earth...
Model: 8700
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

If you upgrade to 4.1, you have user groups so can set specific accounts to do specific levels of admin.
Offline  
Old 03-19-2007, 11:42 AM   #7 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

Quote:
Originally Posted by Jules166
If you upgrade to 4.1, you have user groups so can set specific accounts to do specific levels of admin.
Yes, I know that....my question pertains to 4.0.6.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 03-19-2007, 01:37 PM   #8 (permalink)
CrackBerry Addict
 
ladydi's Avatar
 
Join Date: Jun 2005
Location: Washington
Model: 8800
Carrier: T-mobile
Posts: 848
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

That was the major complaint with BES before 4.1. No roles. If you needed someone to do anything on BES, they had to use the service account and all the permissions that entails. There is no way around it that I know of. Upgrading was pretty painless, so I would just push to do that sooner.
__________________
~Di~
Windows 2003
Exchange 2003
BES 4.1
Offline  
Old 03-19-2007, 02:24 PM   #9 (permalink)
Wireless Sith Lord
 
DarthBBerry's Avatar
 
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
Post Thanks: 2
Thanked 27 Times in 22 Posts
Default

Being the BES Admin, I have access to the BES Server. The Notes/Domino team has access to the server to monitor/maintain the Domino instance on the box. The Server Team has access to the server to monitor/maintain Windows 2k3 and the actual hardware. There's also a SQL team to monitor/maintain the DB.

Each team has Admin access to the server under their own account. Everybody can do something to the BES instance, but they don't. They leave that to me. If any team has to make changes, perform maintainance or perform a reboot, everybody is notified before it occurs.

Help Desk does not have access nor do they want it.
It's all "me, me me." (props to who can guess who said that.)
__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
Offline  
Old 03-19-2007, 02:28 PM   #10 (permalink)
Knows Where the Search Button Is
 
b1g b3n's Avatar
 
Join Date: Oct 2006
Location: Alexandria, VA
Model: 8703e
Carrier: VZW
Posts: 22
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

we're a one-stop shopping IT department here (7 of us for @1200 users) so we all have physical and network access to the BES, but i'm the primary blackberry guy. everyone else is afraid to touch it so i took it upon myself beef up my BB knowledge and take over BES administration, lol. so far so good.
__________________
vzw bb 8703e

i don't user proper capitalization when typing.
Offline  
Old 03-19-2007, 02:50 PM   #11 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

Quote:
Originally Posted by b1g b3n
everyone else is afraid to touch it so i took it upon myself beef up my BB knowledge and take over BES administration, lol. so far so good.
Sounds like me - thrown into the fire 3 years ago when I was told to get a working Blackberry into our CEO's hands in a month....and I'd never heard of a Blackberry.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 03-19-2007, 04:01 PM   #12 (permalink)
CrackBerry Addict
 
ladydi's Avatar
 
Join Date: Jun 2005
Location: Washington
Model: 8800
Carrier: T-mobile
Posts: 848
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by juwaack68
Sounds like me - thrown into the fire 3 years ago when I was told to get a working Blackberry into our CEO's hands in a month....and I'd never heard of a Blackberry.
I hear you there! I was hired 2 years ago as a PC tech + blackberry admin because nobody else wanted to deal with it. It actually worked out well because its helped me move into more server admin stuff. My boss is giving me the exch server now.

Just last month I made them buy a bb for our other tech so that I had backup and could actually take a vacation. (I have very needy users)
__________________
~Di~
Windows 2003
Exchange 2003
BES 4.1
Offline  
Old 03-19-2007, 05:25 PM   #13 (permalink)
CrackBerry Addict
 
bertiebassett's Avatar
 
Join Date: Aug 2005
Location: London, UK
Model: 9700
Carrier: O2
Posts: 961
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Me.

I am BES server admin, exchange guy, general server admin, phone system, helpdesk, development & training all rolled into one..oh and that's just 25% of my job..

Small companies are fun that way!
__________________
LOTS of answers here: Main Page - BlackBerryFAQ
Offline  
Old 03-20-2007, 12:51 PM   #14 (permalink)
Wireless Sith Lord
 
DarthBBerry's Avatar
 
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
Post Thanks: 2
Thanked 27 Times in 22 Posts
Default

Quote:
Originally Posted by ladydi
....very needy users....
Redundant statement.
__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
Offline  
Old 03-20-2007, 12:54 PM   #15 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

Quote:
Originally Posted by ladydi
....very needy users....
Where's my LART?
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 03-20-2007, 01:17 PM   #16 (permalink)
CrackBerry Addict
 
ladydi's Avatar
 
Join Date: Jun 2005
Location: Washington
Model: 8800
Carrier: T-mobile
Posts: 848
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Lol, no kidding
__________________
~Di~
Windows 2003
Exchange 2003
BES 4.1
Offline  
Old 03-21-2007, 02:33 PM   #17 (permalink)
Knows Where the Search Button Is
 
jtor's Avatar
 
Join Date: May 2005
Location: Central NJ
Model: 9800
PIN: T a day if I ever get out of here
Carrier: AT&T
Posts: 27
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by juwaack68
Sounds like me - thrown into the fire 3 years ago when I was told to get a working Blackberry into our CEO's hands in a month....and I'd never heard of a Blackberry.
Man oh man... does that bring back memories. Flash back to 4 years ago - Boss hands me a project - Domino BES 2.1, 1 server, 80 senior execs to receive 957's, 3 weeks to get it done. Quote: "This BlackBerry thing is only a part time assignment".

Today - BES 4.1 for Exchange 1500+ users and growing daily. Multiple Berry apps. Multiple servers. High availability. Redundant sites.

I love Corporate IT
Offline  
Old 03-21-2007, 02:42 PM   #18 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

Quote:
Originally Posted by jtor
Man oh man... does that bring back memories. Flash back to 4 years ago - Boss hands me a project - Domino BES 2.1, 1 server, 80 senior execs to receive 957's, 3 weeks to get it done. Quote: "This BlackBerry thing is only a part time assignment".

Today - BES 4.1 for Exchange 1500+ users and growing daily. Multiple Berry apps. Multiple servers. High availability. Redundant sites.

I love Corporate IT
We're not at the 'multiple apps' yet, but we are at multiple (4) servers.

And does that count is high availability, or just high maintenance when you tell a user you can't IMMEDIATELY replace their lost/stolen/broken device.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 03-22-2007, 11:25 AM   #19 (permalink)
KOR
CrackBerry Addict
 
KOR's Avatar
 
Join Date: Sep 2005
Model: None
Carrier: Typhoid Mary
Posts: 612
Post Thanks: 7
Thanked 2 Times in 2 Posts
Default

Only our IT staff has access to BES, and only me and my manager ever do anything there.

I know we all have a lot to do, but I think the quickest way to screw up your tech is to let a non-IT (or an IT person not familiar with the systems) to get in there & muck around.
Offline  
Old 03-22-2007, 12:44 PM   #20 (permalink)
x14
BlackBerry Extraordinaire
 
Join Date: Jul 2005
Location: NYC
Model: 9800
OS: 6.0.0.546
Carrier: AT&T
Posts: 2,344
Post Thanks: 0
Thanked 17 Times in 16 Posts
Default

I think we have the most complicated structure. Our desktop support people can add/remove users. Our Domino mail admins does the Domino/BES management alone with me. I handle the over server management because we are running a complicated disaster recovery setup and switching between servers can be a pain.
__________________
Exchange 2007/BES 5.0.2 MR2
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.