I am advising a customer to deal with a potential security breach in his Unity Server.
I advised him to use individual user accounts to administer the server, asigning the Default Administrator CoS to each subscriber.
That worked fine, but when we used the Reports option to generate an Administrative Access report for All administrators, we found that the changes made with the new accounts do not get included in the report.
Are we doing something wrong? are we missing something?
Besides asigning the CoS, I am also using GrantUnityAccess, but as the domain users already have a valid subscriber in Unity, it seems useless...
When you ran the GrantUnityAccess for these users, did you use installer as the default account to be associated with each? Since you already have these users in the Default Admin COS, you should not need the GrantUnityAccess utility, which may be the reason you are not getting the detail information in the Admin Access report. As a test you could remove the users from GrantUnityAccess and then have them perform a couple of subscriber related activities. Rerun the Admin access report. The only reason we use GrantUnityAccess to for our Unity Admins that are not admins on another Unity server, but also need to manage subscribers there. I'm thinking you should be OK without it on that one server.
I forgot to mention in my previous note, unsure if it matters, but I don't use the default Admin COS. I create a new one that has exactly the administrative access I want to control. For example, you may want the users to be able to add/delete users, but not work with Call Handlers. Or for example, our Help Desk users only have access to resetting voicemail passwords for subscribers on that server. So, are you saying you already removed these users from GrantUnityAccess and had them test making some subscriber updates, and the Admin access report still shows only the EAdmin and installer profiles?
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...