What minimum rights does a person need on a Unity server box to run the GrantUnityAccess Tool?
I know as a local admin it works great, but I would like to have other individuals perform this task without being a local admin. Are there specific rights I can give them as part of a local group, let's say "HelpDesk", which does not have admin rights but just enough to run this tool?
File level read and execute rights. However, if this is UM (or VM connecting to the org's AD) I very much caution against allowing people you wouldn't want to have local admin rights on the Unity server to log on. Unity has a lot of permissions within a network and a knowledgeable user could potentially use its functionality for malicious purposes. Only fully trusted Administrators should be allowed to log in to a Unity server.
Thanks for the reply, but we tested it out with the user as a "Power User" and it did not work.
This was a request from a site, and I warned them ahead of time about not just giving anyone rights. However, the admins think that resetting VM passwords is below them, and they are running in VM only but do not want to give the user the right to go to ciscopca.
The user will also need access to SQL Server (which you can configure via Enterprise Manager), but you would want to be careful about that since this would give someone the ability to read/write any of the Unity data.
On the Unity server, create a class of service that allows the admins to reset user passwords. We do this for our Help Desk. In the COS System Access page, uncheck the boxes you don't want the admins to have access to and check the box under Subscriber Access that says "Can unlock subscriber accounts and change passwords". When they go to the Unity SA http://Unityservername/web/sa, all they see is what the COS allows them to see. Once you create the COS, go to each admin subscriber and change it on the Profile Page.
Thanks, Ginger, for your response, which I used a bunch of times.
This is a VM-only system in which the VM sits in its own domain while the real users sit in another, but in the same forest.
The problem is that the Unity Admins Tier II admins want to use their regular login IDs, as well as helpdesk, to get into Web/Sa to do their stuff. That is not a problem for the Unity admins nor helpdesk, except that there are a lot of people floating in and out of the helpdesk positions. Security is of the utmost importance and no bogus accounts are made because of strict policies.
Therefore the Unity Admins do not want to spend their time using the GrantUnityAccess Tool to associate Domain B's accounts with Domain A's subscribers. (Freakin Lazy!).
So they want the helpdesk personnel to be able to use the GrantUnityAccess tool so they can do it themselves.
I guess the Admins have been watching too much "Office Space" and do not want to work anymore.