Windows 2003 Inherited Permissions

Unanswered Question
Mar 29th, 2007

Unity 4.2 EX2003 Win 2003

All is working well on this recent install except:

the organisation has about a dozen users who are members of the domain admins (a protected group with inherit permissions unchecked) who all reside in a container called 'administrators' separate from other users. We can't add or delete these administrators without checking 'grant inherited permissions') and running the permissions wizard. Once added everything is fine for a while but then the 'inherited permissions' box on each user reverts automatically back to unchecked each night and we are unable to edit these users the next day (e.g. can't change a PW or uncheck first time enrolment) and when they send a message to an internal subscriber their names DO NOT appear in the from field of the voicemail.

Is there anyway I can set the required permissions independently for each user in the administrator container or make the 'allow inherited permissions' checkbox stick?

Thanks in advance

jim

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Ginger Dillon Thu, 03/29/2007 - 09:07

Hi Jim -

Take a look at this article - http://www.cisco.com/en/US/customer/products/sw/voicesw/ps2237/products_tech_note09186a00801c3224.shtml

A better, more secure way to handle this problem would be to have your Domain Admins use separate accounts from their Unity enabled ones. Users should not be performing normal day to day operations logged on with accounts that have this level of privilege. But with your existing design, this may help.

Ginger

astectelecom Fri, 03/30/2007 - 06:33

Thanks for your helpful and prompt reply Ginger.

We can now modify protected user accounts from the SA but they still don't get tagged in the from field on subscriber to subscriber messaging. Can I be cheeky and ask if you have any ideas on this issue?

Jim

Ginger Dillon Fri, 03/30/2007 - 07:57

Hi Jim -

Are these users on a different Unity server than your other internal subscribers? This almost sounds like identified subscriber messaging is not working. What does the From field say when one of these admin users sends a voice message to your internal users?

Ginger

astectelecom Fri, 03/30/2007 - 08:17

Hi Ginger

No other Unity server is present. The ISM works for all other users. They are identified as the message sender in the 'from' field of the email. The protected domain admin users get 'unity messaging system' in the from field with their extension number in the subject field. I can get it to work for the admin users by going into advanced options and checking the inherit permissions tab and then running the permissions wizard on the container. We then do a test and ISM works properly for a while. However, overnight the permissions are reversed and we are back to square one. Its only a few users so I'd like to set the permissions manually but I don't know which permission on which account would control the information in the from field!

Any ideas appreciated.

jim

Actions

This Discussion