Installation Guide for Cisco Unity Release 5.x with IBM Lotus Domino (With Failover Configured)
Creating Accounts for the Installation and Granting Permissions
Downloads: This chapterpdf (PDF - 113.0KB) The complete bookPDF (PDF - 3.8MB) | Feedback

Creating Accounts for the Installation and Granting Permissions

Table Of Contents

Creating Accounts for the Installation and Granting Permissions

About the Accounts Required for the Cisco Unity Installation

The Account Used to Install Cisco Unity

The Account Used to Access the Cisco Unity Administrator

The Accounts That Cisco Unity Services Log On As

Creating the Accounts Required for the Cisco Unity Installation

Adding the Cisco Unity Administration Account to the Local Administrators Group

Granting Permissions with the Cisco Unity Permissions Wizard


Creating Accounts for the Installation and Granting Permissions


In this chapter, you do the following tasks in the order listed:


Note Do Task 1. only on the first server that you install in the failover pair.


1. Familiarize yourself with the domain accounts you will create in Task 2. See the "About the Accounts Required for the Cisco Unity Installation" section.


Note Do Task 2. only on the first server that you install in the failover pair.


2. Create the applicable domain accounts that are needed to install Cisco Unity. See the "Creating the Accounts Required for the Cisco Unity Installation" section.

3. If you created a Cisco Unity administration account in Task 2.: Add the account to the local Administrators group. See the "Adding the Cisco Unity Administration Account to the Local Administrators Group" section.

4. Set rights and permissions for the accounts that you created in Task 2. See the "Granting Permissions with the Cisco Unity Permissions Wizard" section.

When you are finished with this chapter, return to Chapter 1, "Overview of Mandatory Tasks for Installing Cisco Unity" to continue installing the Cisco Unity system.


Note The tasks in the list reference detailed instructions in the Cisco Unity installation guide and in other Cisco Unity documentation. Follow the documentation for a successful installation.


About the Accounts Required for the Cisco Unity Installation

This section describes the following domain accounts that are needed for the Cisco Unity installation:

The Account Used to Install Cisco Unity

The Account Used to Access the Cisco Unity Administrator

The Accounts That Cisco Unity Services Log On As


Note The same accounts are required for installing a new Cisco Unity 5.0(x) system and for upgrading from previous versions of Cisco Unity.


The Account Used to Install Cisco Unity

If you are installing more than one Cisco Unity server in a site—including setting up failover—you can use the same account to install Cisco Unity software on all of the servers.

The Account Used to Access the Cisco Unity Administrator

When you install Cisco Unity, you are prompted to choose the Active Directory domain account that you want to use to access the Cisco Unity Administrator (the website used to perform most administration tasks). During installation, the account is automatically associated with a Cisco Unity subscriber whose class of service allows Cisco Unity Administrator access. (Later you can create additional Cisco Unity subscribers who also can access the Cisco Unity Administrator.)

By default, the Cisco Unity administration account is the installation account. If you prefer to use an account other than the installation account to be the first Cisco Unity administration account, create an additional domain account for that purpose.

The Cisco Unity administration account must be a member of the local Administrators group. A procedure later in this chapter explains how to add the account to that group.

The Accounts That Cisco Unity Services Log On As

During Cisco Unity installation, you are prompted to choose two domain accounts that Cisco Unity services log on as:

The account that Cisco Unity directory and message store services log on as. Directory services keep subscriber data in the directory synchronized with subscriber data in the Cisco Unity SQL Server database. Message store services allow subscribers to send and receive voice messages by using the telephone user interface.

The account that local services log on as. By default, local Cisco Unity services log on as the Local System account. We recommend that you not change this.

Creating the Accounts Required for the Cisco Unity Installation

The procedure in this section requires Active Directory Users and Computers (ADUC). If the Cisco Unity server is a domain controller, ADUC is already installed. If ADUC is not installed, do one of the following:

Install ADUC on the Cisco Unity server. For information, refer to Windows Help.

In the domain that includes the Cisco Unity server, go to a computer (for example, the domain controller) on which Active Directory Users and Computers is already installed.

To Create Domain Accounts for Cisco Unity Installation, Administration, and Services


Step 1 On the Cisco Unity server or another server where Active Directory Users and Computers is installed, log on to Windows by using an account that is a member of the Domain Admins group.

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Active Directory Users and Computers.

Step 3 In the left pane, expand the domain, right-click Users or the organizational unit where you want to create the installation account, and click New > User.

Step 4 Follow the on-screen prompts to create the installation account.

We suggest that you use the following names for the accounts:

Installation

UnityInstall

Administration

UnityAdmin

Account that Cisco Unity directory and message store services log on as

UnitySvc


Step 5 Repeat Step 3 and Step 4 to create the Cisco Unity administration account and the account that Cisco Unity directory and message store services log on as.

For the account that Cisco Unity directory and message store services log on as, ensure that the password for the account will never expire. If the password expires, Cisco Unity will stop working the next time the server is restarted.

Step 6 Close Active Directory Users and Computers.


Adding the Cisco Unity Administration Account to the Local Administrators Group


Note If you did not create a Cisco Unity administration account in the "Creating the Accounts Required for the Cisco Unity Installation" section, skip this section.


Add the Cisco Unity administration account to the local Administrators group on the primary and secondary Cisco Unity servers.

To Add the Cisco Unity Administration Account to the Local Administrators Group


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Computer Management.

Step 2 In the left pane of the Computer Management MMC, expand System Tools > Local Users and Groups.

Step 3 In the left pane, click Groups.

Step 4 In the right pane, double-click Administrators.

Step 5 In the Administrators Properties dialog box, click Add.

Step 6 In the Select Users or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.

Step 7 In the top list, double-click the name of the Cisco Unity administration account. The name appears in the bottom list.

Step 8 Click OK to close the Select Users or Groups dialog box.

Step 9 Click OK to close the Administrators Properties dialog box.

Step 10 Close the Computer Management MMC.


Granting Permissions with the Cisco Unity Permissions Wizard

The Cisco Unity Permissions wizard is frequently updated between Cisco Unity releases. We recommend that you download and run the latest version of the Permissions wizard that is applicable to your version of Cisco Unity. The Permissions wizard is available at http://www.ciscounitytools.com/4_x_tools.htm.

For information on granting permissions with the Permissions wizard, refer to the Permissions wizard Help file PWHelp_<language>.htm that is included with the version of the Permissions wizard that you are using.

You run the Permissions wizard on both the primary and secondary Cisco Unity servers.


Caution If you are running the Permissions Wizard by using Windows Terminal Services (WTS), the PWDiag.Log file will be deleted at the end of the WTS session. To save it, you must copy it to another location before you end the session.

For a complete list of the permissions set by the Permissions wizard, refer to the Permissions wizard Help file PWHelpPermissionsSet_<language>.htm.