Cisco Systems OL-7371-02 Setting Rights and Permissions with the Cisco Unity Permissions Wizard

7-4

Installation Guide for Cisco Unity 4.0(5) and Later Voice Messaging with Microsoft Exchange 2003/2000 (With Failover Configured)

OL-7371-02

Chapter 7 Creating Accounts for the Installation and Setting Rights and Permissions

Setting Rights and Permissions with the Cisco Unity Permissions Wizard

Step 2 In the left pane of the Computer Management MMC, expand System Tools > Local Users and Groups.

Step 3 In the left pane, click Groups.

Step 4 In the right pane, double-click Administrators.

Step 5 In the Administrators Properties dialog box, click Add.

Step 6 In the Select Users or Groups dialog box, in the Look In list, click the name of the domain to which the

Cisco Unity server belongs.

Step 7 In the top list, double-click the name of the Cisco Unity administration account. The name appears in

the bottom list.

Step 8 Click OK to close the Select Users or Groups dialog box.

Step 9 Click OK to close the Administrators Properties dialog box.

Step 10 Close the Computer Management MMC.

Setting Rights and Permissions with the Cisco Unity Permissions Wizard

The procedure in this section sets the permissions that Cisco Unity requires for:

• The account that you will use to install Cisco Unity.

• The two accounts that Cisco Unity directory and message store services will log on as.

In addition, you must set Exchange-specific permissions, as described in the “Setting Required

Exchange Permissions” section on page 7-8.

You run the Permissions wizard on both the primary and secondary Cisco Unity servers.

The Permissions wizard will complete in under an hour, and possibly in just a few minutes.

Before you can run the Permissions wizard, the Active Directory schema must have been extended for

Cisco Unity, which you should have done when you set up the message store (in the “Extending the

Active Directory Schema for Cisco Unity” section on page 6-6).

Caution Cisco Unity needs to be able to change properties of Active Directory users. The Permissions wizard

grants the directory services account the right to change user accounts in the containers that you specify.

Cisco Unity can change user accounts in those containers only if inheritance is enabled for the containers

and for the users themselves. If you disable inheritance for any containers or groups that include

Cisco Unity subscribers, or for any users who are subscribers, Cisco Unity (using the directory services

account) will not be able to change properties for the affected users. In that case, you will need to either

grant permissions to those users explicitly or re-enable inheritance by checking the Allow Inheritable

Permissions from Parent to Propagate to This Object check box on the Security tab in the applicable

Properties dialog box.

The following procedure grants the installation and services accounts the rights to act as a part of the

operating system, to log on as a service, and to log on as a batch job, and does so in the local security

policy. (For a complete list of the permissions set by Permissions Wizard, refer to the Permissions

Wizard Help file PWHelpPermissionsSet_<language>.htm.)