[cisco-voip] Unified Mobility: Creating Remote Destination Profile Templates

Anthony Holloway avholloway+cisco-voip at gmail.com
Mon Feb 14 15:11:21 EST 2011


Thank you for your insight on the topic.  What you are saying is good
advice, only this service account would have to also appear in the
Directory, and that is ugly.  We use LDAP filters to specifically avoid
listing service accounts in the Directory.  Again, thank you for your input.

Anthony

On Mon, Feb 14, 2011 at 12:50 PM, Adel Abushaev <adel.abushaev at gmail.com> wrote:

> Can you reference a domain admin account from AD? Those rarely change,
> mostly never. It probably is not Administrator, for security reasons
> (which delays the hacking person only by about 5 minutes in total),
> but people rename Administrator to something less appealing. Since
> this is an account that you don't plan to use on user devices, it
> might be a good candidate for your purposes, if IT folks do not want
> to create a service account.
>
> Actually, creating a service account would be more secure; it needs to be
> a very deeply restricted user, with absolutely no permissions other
> than just being there, and UCM_DO_NOT_DELETE is a nice name for it.
>
> But first try selling them the story that Call Manager doesn't have
> a local user directory when it's integrated with AD, and there is
> absolutely no way you could create that user without them.
>
> Adel.
>
> On Sat, Feb 12, 2011 at 7:00 AM, Anthony Holloway
> <avholloway+cisco-voip at gmail.com> wrote:
> > Group,
> > When you create an RDP Template it makes you select an End User to associate
> > to the RDP.  It doesn't have to be a Mobility enabled user, just any old End
> > User will do.  If one were to choose the first user in the list as
> > an efficient way to set that value, and this user ends up leaving the
> > organization, and the AD account gets scrubbed, well, then your RDP Template
> > gets deleted automatically.
> > I can see that by having a dedicated service account in my end user's list,
> > named something like: rdp_template, would alleviate that problem, but now I
> > have to explain to the client why they need to create a dummy account on their
> > AD side.
> > How have others tackled this?  Am I missing something, such that creating
> > dummy users is the norm?
> > Anthony