How To Configure Blackberry Enterprise Server Permissions
1. Create a new user called BESadmin and ensure you create a mailbox. Ensure this user is ONLY a member of “Domain users”
2. Make BESadmin a local Administrator of the server. This is done in AD via the “Built-in” Administrators group
3. Go to Admin Tools on open “Domain Controller Security Policy” and expand the “Local Policies” and “User Right Assignment”. You need to add BESadmin to “Log on Locally” and “log on as Service”.
4. Open Exchange System Manager and right mouse click on “DOMIANNAME (Exchange)” and select Delegate Control. Follow the steps and add BESadmin as an Exchange View Only Administrator.
5. In Exchange manager expand the servers folder and right mouse click on your server name and select properties. On the properties windows select BESadmin and add the permissions “Administer Mailbox Store, Receive As, Send As”. Then under your server name select “First Storage Group” and right mouse click “Mailbox Store (SERVERNAME)” and select properties, from the security tab ensure the BESadmin permissions have propagated down (e.g. you need to ensure BESadmin is present with “Administer Mailbox Store, Receive As, Send As” rights).
6. Open Active Directory and from the View menu select “Advanced Features”. Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission “Send As”. (This will overcome some MS patches that prevent BES sending emails)
8. Log on as BESadmin and install the BES software. Follow the prompts of the install and the server will be required to restart half way through the install. Restart the server and log back on as BESadmin and the install will continue. (Make sure the Connect Test works and the SRP ID etc is validated during the install)
9. After the install is finished open BlackBerry Manager, an error will appear about MAPI client which you can just hit OK. The MAPI setting windows will appear so just add the server name back in and select “Check Name”, if it resolves just hit OK and the manager will start.