[cisco-voip] Unified Mobility: Creating Remote Destination Profile Templates
Anthony Holloway
avholloway+cisco-voip at gmail.com
Mon Feb 14 15:30:05 EST 2011
I'm confused as to what you are suggesting. Perhaps I can offer you what I
believe is how the RDP Template works. It forces you to pick a CCM End User
as the User ID field for the Template. To my knowledge, CCM End Users are
listed in the Directory.
Anthony
On Mon, Feb 14, 2011 at 2:21 PM, Paul <asobihoudai at yahoo.com> wrote:
> Wouldn't you be able to, besides using the filters you've already configured,
> change the suggested LDAP service account's access to the RDP template account
> as an object or perhaps have the account moved to an OU that the LDAP service
> account does not have access to?
>
> ________________________________
> From: Anthony Holloway <avholloway+cisco-voip at gmail.com>
> To: Adel Abushaev <adel.abushaev at gmail.com>
> Cc: Cisco VoIP Group <cisco-voip at puck.nether.net>
> Sent: Mon, February 14, 2011 12:11:21 PM
> Subject: Re: [cisco-voip] Unified Mobility: Creating Remote Destination Profile Templates
>
> Thank you for your insight on the topic. What you are saying is good advice,
> only this service account would have to also appear in the Directory, and that
> is ugly. We use LDAP filters to specifically avoid listing service accounts in
> the Directory. Again, thank you for your input.
>
> Anthony
>
>
> On Mon, Feb 14, 2011 at 12:50 PM, Adel Abushaev <adel.abushaev at gmail.com> wrote:
>
> >Can you reference a domain admin account from AD? Those rarely change,
> >mostly never. It probably is not Administrator, for security reasons
> >(which delays the hacking person only by about 5 minutes in total),
> >but people rename Administrator to something less appealing. Since
> >this is an account that you don't plan to use on user devices, it
> >might be a good candidate for your purposes, if IT folks do not want
> >to create a service account.
> >
> >Actually creating a service account would be more secure, it needs to be
> >a very deeply restricted user, with absolutely no permissions other
> >than just being there, and UCM_DO_NOT_DELETE is a nice name for it.
> >
> >But first try selling them the story that Call Manager doesn't have
> >a local user directory when it's integrated with AD, and there is
> >absolutely no way you could create that user without them.
> >
> >Adel.
> >
> >
> >On Sat, Feb 12, 2011 at 7:00 AM, Anthony Holloway
> ><avholloway+cisco-voip at gmail.com> wrote:
> >> Group,
> >> When you create an RDP Template it makes you select an End User to associate
> >> to the RDP. It doesn't have to be a Mobility enabled user, just any old End
> >> User will do. If one were to choose the first user in the list as
> >> an efficient way to set that value, and this user ends up leaving the
> >> organization, and the AD account gets scrubbed, well, then your RDP Template
> >> gets deleted automatically.
> >> I can see that by having a dedicated service account in my end user's list,
> >> named something like: rdp_template, would alleviate that problem, but now I
> >> have to explain to the client why they need to create a dummy account on their
> >> AD side.
> >> How have others tackled this? Am I missing something, such that creating
> >> dummy users is the norm?
> >> Anthony