Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
3
Helpful
5
Replies

Unity 4.0(5) - GrantUnityAccess Tool

brian-henry
Level 4
Level 4

‎04-04-2006 02:44 PM - edited ‎03-18-2019 05:45 PM

What minimum rights does a person need on a Unity server box to run the GrantUnityAccess Tool?

I know as a local admin it works great, but I would like to make other individuals perform this task but not be a local admin. Is there specific rights I can give them as part of a local group lets say "HelpDesk" which do not have admin rights but just enough to run this tool?

Thanks in Advance

Brian

Labels:
0 Helpful
5 Replies 5

kechambe
Level 7
Level 7

‎04-05-2006 07:58 AM

File level read and execute rights. However, if this is UM (or VM connecting orgs AD) I very much caution against allowing people you wouldn't want to have local admin rights on Unity server to logon. Unity has a lot of permissions within a network and a knowledgeable user could potentially use its functionality for malicious purposes. Only fully trusted Administrators should be allowed to login to a Unity server.

Thanks,

Keith

brian-henry
Level 4
Level 4
In response to kechambe

‎04-05-2006 09:27 AM

Thanks for the reply but we tested it out with the user a "Power User" but it did not work.

This was a request of a site and I warned them ahead of time of not just giving anyone rights. However the admins think that resetting VM passwords is below them and they are running in VM only but do not want to give the user the right to go to ciscopca.

Thanks for all your assistance

Brian

0 Helpful

mapennin
Cisco Employee
Cisco Employee
In response to brian-henry

‎04-05-2006 10:35 AM

The user will also need access to SQL Server (which you can configure via Enterprise Manager), but you would want to be careful about that since this would give someone the ability to read/write any of the Unity data.

- Matt

0 Helpful

Ginger Dillon
VIP Alumni
VIP Alumni
In response to brian-henry

‎04-05-2006 01:51 PM

Hi Brian -

On the Unity server, create a class of service that allows the admins to reset user passwords. We do this for our Help Desk. In the COS System Access page, uncheck the boxes you don't want the admins to have access to and check the box under Subscriber Access that says "Can unlock subscriber accounts and change passwords". When they go to the Unity SA http://Unityservername/web/sa, all they see is what the COS allows them to see. Once you create the COS, go to each admin subscriber and change it on the Profile Page.

Ginger

0 Helpful

brian-henry
Level 4
Level 4
In response to Ginger Dillon

‎04-05-2006 06:25 PM

Thanks Ginger for your response which I used a bunch of times.

Scenario:

This is a VM only system which the VM sits in its own domain while the real users sit in another, but the same forest.

The problem is that the Unity Admins Tier II admins want to use their regular login ID's, as well as helpdesk to get into Web/Sa to do their stuff. That is not a problem for the Unity admins nor helpdesk. Accept that their are a lot of people floating in and out of the helpdesk postions. Security is the up most important and no bogus accounts are made because of strict policies.

Therefore the Unity Admins do not want to spend there time using the GrantUnityAccess Tool to associate domain B's accounts with Domain A's subscribers. (Freakin Lazy!).

So they want the helpdesk personal to be able to use the grantunityacces tool so they can do it themselves.

I guess the Admins have been watching to much "Office Space" and do not want to work anymore.

Thanks for your reply though.

Brian

0 Helpful
Customers Also Viewed These Support Documents