06-27-2006, 12:57 PM
Join Date: Jun 2006
Post Thanks: 0
Thanked 0 Times in 0 Posts
For your regular users you should only have to add your "BES Admin" account to each AD user that is using a blackberry. Basically, you go to the Security tab of each user and add your "BES Admin" account and explicitly grant "Send As" permissions.
For your Administrators (basically and MS "protected" account) it's a little trickier...
You either follow the MS recommended practice of not allowing your admin accounts to not be mail enabled. (I know... I know... this wasn't a reasonable solution for me either at this point in time.)
So you go to AD Users and Computers -> View -> Advanced Features. Then from your AD tree you select System -> AdminSDHolder -> Properties. Then select Security -> Advanced -> Add -> Select your "BES Admin" account -> Click the Apply Onto Drop Down menu and select "User Objects" -> Grant "Send-As".
This should grant the BES Admin account "Send As" permissions to all of your protected accounts.
If you have any questions, please let me know... I VERY new to BES, but I'm having to learn fast!
Also, this link was an interesting read about this problem and decision for the security patch on the MS Exchange team's blog... Personally, I think it's ironic that MS releases a patch that breaks BES/Goodlink while they are trying to push their MS Mobile crap.