Unity - Administrative Access activity report

Unanswered Question
Mar 10th, 2008

Hi, everyone.

I am advising a customer to deal with a potential security breach in his Unity Server.

I advised him to use individual user accounts to administer the server, asigning the Default Administrator CoS to each subscriber.

That worked fine, but when we used the Reports option to generate an Administrative Access report for All administrators, we found that the changes made with the new accounts do not get included in the report.

Are we doing something wrong? are we missing something?

Besides asigning the CoS, I am also using GrantUnityAccess, but as the domain users already have a valid subscriber in Unity, it seems useless...

Thanks!

Ariel

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ginger Dillon Mon, 03/10/2008 - 09:24

Hi Ariel -

When you ran the GrantUnityAccess for these users, did you use installer as the default account to be associated with each? Since you already have these users in the Default Admin COS, you should not need the GrantUnityAccess utility, which may be the reason you are not getting the detail information in the Admin Access report. As a test you could remove the users from GrantUnityAccess and then have them perform a couple of subscriber related activities. Rerun the Admin access report. The only reason we use GrantUnityAccess to for our Unity Admins that are not admins on another Unity server, but also need to manage subscribers there. I'm thinking you should be OK without it on that one server.

Ginger

arielroza Mon, 03/10/2008 - 09:36

Ginger,

No, I tried to associate each Windows account with its corresponding subscriber, which I know now that it's pointless.

The problem I have is that the report seem to only list the action for the EAdmin and Installer profiles only.

I don't want to associate the subscribers to any of those profiles, because I can't distinguish between them in the report.

Am I being clear enough?

Thanks for being there, Ginger.

Ginger Dillon Mon, 03/10/2008 - 10:12

Hi -

I forgot to mention in my previous note, unsure if it matters, but I don't use the default Admin COS. I create a new one that has exactly the administrative access I want to control. For example, you may want the users to be able to add/delete users, but not work with Call Handlers. Or for example, our Help Desk users only have access to resetting voicemail passwords for subscribers on that server. So, are you saying you already removed these users from GrantUnityAccess and had them test making some subscriber updates, and the Admin access report still shows only the EAdmin and installer profiles?

Ginger

arielroza Mon, 03/10/2008 - 10:31

Ginger,

Almost. I added those users with grantunityaccess -u DOMAIN\User -s User, but running grantunityaccess -l afterwards did not show them in the list.

And because they are not shown, i did nothing to remove them from it.

Yes, I made them update a subscriber, and did not show up in the report.

arielroza Mon, 05/19/2008 - 07:46

Solved,

We were just not waiting enough time for the data to get included in the reports. That ussually takes around 20 minutes

Actions

This Discussion