. Remote users are unable to connect even

Enabling LCS When AD Permissions Inheritance Is Blocked

Companies often lock down their environment to control who can do what at the forest and/or domain level. Lockdown means that, for security reasons, an administrator does not rely on the settings and options that Microsoft specified during the forest and domain preparation steps. The administrator deletes a set of entries and stops the OU structure from self-replicating its settings from the top down.

Active Directory permission inheritance can also be blocked when you are using tools that set the Active Directory permissions, such as NetIQ's Directory and Resource Administrator or bv-Control for Microsoft Active Directory. Both tools hold their information in a central database and just apply it to the Active Directory. The tools do that from the top down, so there is no need to have it inherited automatically from the Active Directory.

The following sections cover deployment issues you may face and how to overcome them.

Authenticated Users ACE Removed

The authenticated users ACE is removed from a domain's default container, such as System, Users, Computer, or Domain Controllers. Microsoft Office Live Communications Server 2005 Prep Domain adds direct ACEs on the relevant default containers in that domain to remove the reliance of Live Communications Server 2005 on these authenticated users ACEs.

However, note that removing authenticated users Read ACEs on the forest root main containers blocks the deployment of Live Communications Server 2005 in a child domain. This scenario cannot be addressed by LCS in its default configuration. The workaround is to add Read ACEs on these root domain containers for the Domain Admins from the child domains that will be activating the Live Communications Server.

Custom Organizational Unit

Custom organizational unit (OU) containers are created to hold user and computer objects with permission inheritance disabled.

Live Communications Server provides an optional CreateLcsOuPermissions procedure, available from the LcsCmd.exe command-line deployment tool. This procedure enables an administrator to add the remaining Live Communications Server ACEs to objects in specified OU containers on which inheritance is blocked. To do this successfully, you must specify the type of objects in the OU container (e.g., computer, user, InetOrgPerson) so that the procedure adds only the relevant ACEs for that object type. There is also an option to select the contacts OU type, which supports the central forest topology scenario.

You have to run this procedure, CreateLcsOuPermissions, on every OU with users enabled for Live Communications Server 2005, and on every OU with computers hosting Live Communications Server 2005. This is required for the successful deployment, operation, and administration of Live Communications Server 2005.

Figure 9-1 shows the Security tab of the Computers Properties dialog, which indicates the default permission set on that OU. To access the Security tab in Active Directory Users and Computers, select Advanced Settings from the View menu.
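The two conditions described above can be inventoried before deployment. The following read-only audit is an added example, not taken from the book or from the Live Communications Server tooling; it assumes the ActiveDirectory PowerShell module (RSAT), which is newer than the product, and the function name Get-ContainerAclSummary is hypothetical.

```powershell
# Added example: read-only audit of container ACLs in the current domain.
# Assumes the ActiveDirectory (RSAT) module and read access to the directory.
Import-Module ActiveDirectory

$AuthUsersSid = 'S-1-5-11'   # well-known SID of Authenticated Users
$GenericRead  = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead

# Hypothetical helper: summarise one container's DACL.
function Get-ContainerAclSummary {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    # Request SIDs instead of names so the match is independent of OS language.
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])

    $auRead = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $AuthUsersSid -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.ActiveDirectoryRights -band $GenericRead) -eq $GenericRead
    })

    [pscustomobject]@{
        DistinguishedName  = $DistinguishedName
        InheritanceBlocked = $acl.AreAccessRulesProtected   # DACL is protected
        AuthUsersRead      = $auRead.Count -gt 0
    }
}

$domainDn = (Get-ADDomain).DistinguishedName
$defaults = 'CN=System', 'CN=Users', 'CN=Computers', 'OU=Domain Controllers' |
    ForEach-Object { "$_,$domainDn" }
$ous = (Get-ADOrganizationalUnit -Filter *).DistinguishedName

$report = @($defaults) + @($ous) | Select-Object -Unique |
    ForEach-Object { Get-ContainerAclSummary -DistinguishedName $_ }

# Default containers that no longer grant Authenticated Users read access
$report | Where-Object { $_.DistinguishedName -in $defaults -and -not $_.AuthUsersRead }

# OUs with inheritance blocked: candidates for the CreateLcsOuPermissions procedure
$report | Where-Object InheritanceBlocked | Sort-Object DistinguishedName
```

For the child-domain case, run the same audit against the forest root domain, since the Read ACEs that matter there sit on the root domain's containers.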
