
Limiting account access to Unity directories

admin_2
Level 3

Can someone please clarify this for me? The Security Best Practices for Unity White Paper states the following...

"As a best practice, other domain accounts used by Cisco Unity system administrators should be restricted to read-only access, while Cisco Unity subscribers, and all other domain accounts and groups should have no access rights to the directories, folders, or files on the Cisco Unity server. To do so, exclude the System Group Everyone from the default user permissions for C:\ or root of any other drive on the Cisco Unity server. Instead, assign authenticated users. In addition, confirm that no explicitly privileged assignments have been made to individual groups or accounts."

So, does that mean add the "Authenticated Users" group? If so, how does this satisfy the previously mentioned recommendations?

-OR-

Does this mean add individual users, which should be authenticated? If so, which ones?

Also, what is the chance doing either will prevent access to SA or AA interfaces? I have a customer that is really concerned about other Domain Admins messing up his Unity server. So any advice to help accomplish that end is greatly appreciated.

Thanks in advance!

-J

1 Reply

Not applicable

Todd (the author of that doc) sez:
================
You shouldn't add the authenticated users group because you don't have control over who is a member of that group. It should be only users who need access to the system in order to do other non-Unity tasks, such as backups/restores, accessing logs, etc.

For instance, say you set up a share and gave a group "full access" to that share. Since you as an administrator can't control who has access to this group, that share will be wide open; you should remove it and only explicitly allow those users and groups who need access to the server control for that share. Those needing access to the file system are the ones I described in the section where this question came from.
===================================


Jeff Lindborg
Unity Technical Lead/Answer Monkey
Cisco Systems
lindborg@cisco.com
http://www.AnswerMonkey.net (new page for Unity support tools and scripts)
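
One way to run the check the quoted white paper passage asks for (broad groups on a drive root, and "explicitly privileged assignments" to individual groups or accounts), as an added example that is not part of the original posts or of Cisco's documentation. It assumes Windows PowerShell 3.0 or later is available on the server; the `$Paths` list is a placeholder to adjust.

```powershell
# Added example: audit NTFS ACLs for the broad groups discussed in this thread.
# Assumption: Windows PowerShell 3.0+ on the server; $Paths is a placeholder list.
$Paths = @('C:\')   # add other drive roots or application folders as needed

# Well-known SIDs, matched instead of names so the check is locale-independent.
$BroadSids = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-11' = 'Authenticated Users'
}

# Rights that allow changing content, permissions or ownership. GENERIC_ALL
# (0x10000000) and GENERIC_WRITE (0x40000000) are included because some ACEs
# store generic bits that the FileSystemRights enum does not name.
$Specific  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = [int]$Specific -bor 0x10000000 -bor 0x40000000

foreach ($path in $Paths) {
    $acl = Get-Acl -Path $path
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }

        # Resolve the account to a SID; keep the raw value if it cannot be resolved.
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value
        }

        $canWrite = (([int]$rule.FileSystemRights) -band $WriteMask) -ne 0
        $finding  = $null
        if ($BroadSids.ContainsKey($sid)) {
            $finding = "Broad group: $($BroadSids[$sid])"
        } elseif (-not $rule.IsInherited -and $canWrite) {
            $finding = 'Explicit write-capable grant (review)'
        }

        if ($finding) {
            [pscustomobject]@{
                Path      = $path
                Identity  = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
                Finding   = $finding
            }
        }
    }
}
```

On a drive root every entry is explicit, so built-in accounts such as SYSTEM and the local Administrators group will appear in the review list alongside anything unexpected.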
