Table Of Contents
Creating Accounts for the Installation and Setting Rights and Permissions
About the Accounts Required for the Cisco Unity Installation
The Account Used to Install Cisco Unity
The Account Used to Access the Cisco Unity Administrator
The Accounts That Own Cisco Unity Services
Creating the Accounts
Adding the Administration Account to an Admins Group
Setting Rights and Permissions with the Cisco Unity Permissions Wizard
Creating Accounts for the Installation and Setting Rights and Permissions
In this chapter, you do the following tasks in the order listed:
1. 
Familiarize yourself with the domain accounts you will create in Task 2. See the "About the Accounts Required for the Cisco Unity Installation" section.
2. Create the applicable accounts that are needed to install Cisco Unity. See the "Creating the Accounts" section.
3. If you created an administration account in Task 2., add the account to an Admins group. See the "Adding the Administration Account to an Admins Group" section.
4. Set rights and permissions for the accounts that you created in Task 2. See the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section.
When you are finished with this chapter, return to the applicable task list for your platform type to continue installing the Cisco Unity system correctly:
•Task List for Installing Cisco Unity on a Qualified Server
•Task List for Installing Cisco Unity in the Cisco ICS 7750
Note The tasks in the list reference detailed instructions in the Cisco Unity Installation Guide and in other Cisco Unity documentation. Follow the documentation for a successful installation.
About the Accounts Required for the Cisco Unity Installation
This section describes the following domain accounts that are needed for the Cisco Unity installation:
•The Account Used to Install Cisco Unity
•The Account Used to Access the Cisco Unity Administrator
•The Accounts That Own Cisco Unity Services
Note The same accounts are required for installing a new Cisco Unity 4.0(x) system and for upgrading from previous versions of Cisco Unity.
The Account Used to Install Cisco Unity
During installation, Cisco Unity creates a number of Cisco Unity objects in the Domino directory, so the account with which you log on to Windows to install Cisco Unity must have proper user rights and permissions to perform the necessary operations.
If you are installing more than one Cisco Unity server in a site, you can use the same account to install Cisco Unity software on all of the servers.
The Account Used to Access the Cisco Unity Administrator
When you install Cisco Unity, you are prompted to choose the Windows domain account that you want to use to access the Cisco Unity Administrator (the website used to perform most administration tasks). During installation, the domain account is automatically associated with a Cisco Unity subscriber whose class of service allows Cisco Unity Administrator access. (Later you can create additional Cisco Unity subscribers who also can access the Cisco Unity Administrator.)
By default, the administration account is the installation account. If you prefer to use an account other than the installation account to be the first Cisco Unity administration account, create an additional domain account for that purpose.
When the Cisco Unity server is a domain controller, the administration account must be a member of the Domain Admins group. When the Cisco Unity server is a member server, the administration account must be a member of the Local Admins group. Procedures later in this chapter explain how to add the account to the applicable group.
The Accounts That Own Cisco Unity Services
During Cisco Unity installation, you are prompted to choose two domain accounts that own Cisco Unity services:
•The account that owns the Cisco Unity directory services, which keep subscriber data in the directory synchronized with subscriber data in the Cisco Unity SQL Server database, and the Cisco Unity message store services, which allow subscribers to send and receive voice messages by using the telephone user interface.
•The account that owns local services. By default, local Cisco Unity services are owned by the Local System account. We recommend that you not change the owner of the services.
Creating the Accounts
Some procedures in this section assume that you have access to Active Directory Users and Computers because the Cisco Unity server is the domain controller.
To create the accounts and set their permissions when Active Directory Users and Computers is not installed on the Cisco Unity server, do one of the following:
•Install Active Directory Users and Computers on the Cisco Unity server. For information, refer to Windows 2000 Server Help.
•In the domain that includes the Cisco Unity server, go to a computer (for example, the domain controller) on which Active Directory Users and Computers is already installed.
To create domain accounts for Cisco Unity installation, administration, and services
Step 1 On the Cisco Unity server or another server where Active Directory Users and Computers is installed, log on to Windows by using an account that is a member of the Domain Admins group.
Step 2 On the Windows Start menu, click Programs > Administrative Tools > Active Directory Users and Computers.
Step 3 In the left pane, expand the domain, right-click Users or the organizational unit where you want to create the installation account, and click New > User.
Step 4 Follow the on-screen prompts.
We suggest that you use the following names for the accounts:
Installation
|
UnityInstall
|
Administration
|
UnityAdmin
|
Owner of Cisco Unity directory
and message store services
|
UnitySvc
|
Step 5 Repeat Steps 3 and 4 to create the administration account and the account that owns Cisco Unity services.
For the account that owns Cisco Unity services, ensure that the password for the account will never expire. If the password expires, Cisco Unity will stop working the next time the server is restarted.
Step 6 Close Active Directory Users and Computers.
Adding the Administration Account to an Admins Group
If you created an administration account in the "Creating the Accounts" section, you must add the account either to the local Administrators group—when the Cisco Unity server is a member server—or to the Domain Admins group—when the Cisco Unity server is a domain controller.
To add the administration account to the local Administrators group (only when the Cisco Unity server is a member server)
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Computer Management.
Step 2 In the left pane of the Computer Management MMC, expand System Tools > Local Users and Groups.
Step 3 In the left pane, click Groups.
Step 4 In the right pane, double-click Administrators.
Step 5 In the Administrators Properties dialog box, click Add.
Step 6 In the Select Users or Groups dialog box, in the Look In list, click the name of the domain to which the Cisco Unity server belongs.
Step 7 In the top list, double-click the name of the administration account. The name appears in the bottom list.
Step 8 Click OK to close the Select Users or Groups dialog box.
Step 9 Click OK to close the Administrators Properties dialog box.
Step 10 Close the Computer Management MMC.
To add the administration account to the Domain Admins group (only when the Cisco Unity server is a domain controller)
Step 1 On the Cisco Unity server or another server where Active Directory Users and Computers is installed, log on to Windows by using an account that is a member of the Domain Admins group.
Step 2 On the Windows Start menu, click Programs > Administrative Tools > Active Directory Users and Computers.
Step 3 In the left pane, expand the domain, and click Users.
Step 4 In the right pane, double-click the name of the administration account.
Step 5 Click the Members tab.
Step 6 Click Add.
Step 7 In the Select Groups dialog box, in the top list, double-click Domain Admins. The name appears in the bottom list.
Step 8 Click OK to close the Select Groups dialog box.
Step 9 Click OK to close the Properties dialog box.
Setting Rights and Permissions with the Cisco Unity Permissions Wizard
The procedure in this section sets the permissions that Cisco Unity requires for:
•The account that you will use to install Cisco Unity.
•The account that will own Cisco Unity directory and message store services.
Caution The following procedure grants each account the rights to act as a part of the operating system, to log on as a service, and to log on as a batch job, and does so in the local security policy. If a domain security policy is in effect, confirm that the domain security policy does not deny the accounts these rights.
To run the Cisco Unity Permissions wizard
Step 1 Log on to the Cisco Unity server by using an account that is a member of the Domain Admins group and that has the right to act as part of the operating system.
Caution If you try to run the Permissions wizard by using an account that has less than the default permissions for a Domain Admin, the wizard may not be able to set all of the permissions required by the installation account and the services accounts. If the Permissions wizard cannot set all of the required permissions, either the Cisco Unity installation will fail or Cisco Unity will not run properly after it has been installed.
Step 2 Insert the Cisco Unity DVD in the DVD drive.
or
Insert Cisco Unity CD 1 in the CD-ROM drive.
Step 3 Browse to the Utilities\PermissionsWizard directory, and run PermissionsWizard.exe.
Step 4 In the Welcome to the Cisco Unity Permissions Wizard, click Lotus Domino.
Step 5 Click Next.
Step 6 Click Change, and choose the account that you want to use to install Cisco Unity.
Step 7 Click Next.
Step 8 Click Change, and choose the account that you want to own Cisco Unity directory and message store services.
Step 9 Click Next.
Step 10 A summary appears that lists the permissions that will be granted to each account, including user rights and membership in groups.
Click Next to grant the listed permissions. The Permissions wizard may take a few minutes to grant permissions.
Step 11 If the Permissions wizard failed to grant one or more permissions, an error message appears that lists the number of permissions it was not able to grant. Click OK.
Step 12 To display a report listing the operations that succeeded and those that failed, if any, click View Detailed Results.
Step 13 If one or more permissions could not be granted, fix the problems, and run the Permissions wizard again.
Caution If the Permissions wizard failed to set any permissions, either the Cisco Unity installation will fail or Cisco Unity will not run properly after it has been installed. You must successfully run the Permissions wizard before you can continue installing Cisco Unity.
Step 14 Click Finish.
Step 15 If the account that you logged on with in Step 1 is also the account that you want to use to install Cisco Unity (the account that you selected in Step 6), log off Windows and log back on so the permissions set by the Permissions wizard will take effect.
Feedback
