BUG: Permission issues

Discussion forum for Enterprise Edition.
Post Reply
paarlberg
Posts: 1071
Joined: Tue Mar 02, 2004 7:33 pm
Location: Atlanta, GA, USA

BUG: Permission issues

Post by paarlberg » Sat May 10, 2008 6:52 pm

I found several permission issues that took some time to fix. I had originally thought it had to do with ASSP on the front-end or Windows Firewall.

I was doing a fresh install of Ent 2.50 and migration of config from another server. I ended up upgrading to Ent 2.52 after everything was fixed.

One was relating to this.

http://forum.mailenable.com/viewtopic.php?t=15663

The other was that MEInstaller.exe doesn't add the IME_SYSTEM and IME_STORE_GROUP permissions to the folders and registry as needed.

I had run the CACLS commands after migrating to the new server, since there weren't any errors, it appeared that it worked. It had not applied the proper settings to all folders.

I had issues with POP3, IMAP and SMTP authentication that took more time than I had wanted to fix.

IME_STORE_GROUP needed full rights on the PO folders
IME_SYSTEM needed full rights on the MailEnable tree in the registry.

Neither of the above were set correctly using MEInstaller.exe. I ended up doing a folder by folder comparison between the old and new server to find the incorrect settings. Since it was a fresh install, the registry settings should have been correct.

This what about my 10th ME server migration in the past few years and the first one that caused me any issues that couldn't be resolved in a few minutes.

The good side is it got me out of spring cleaning around the house. I will most likely pay dearly for that later. :shock:

paarlberg
Posts: 1071
Joined: Tue Mar 02, 2004 7:33 pm
Location: Atlanta, GA, USA

Post by paarlberg » Sun May 11, 2008 1:08 am

For ME support team:

If the IME_SYSTEM and IME_STORE_GROUP accounts exist on a server, does the install routine see it and then skip setting permissions on the registry and folders?

I had installed v3 on this server prior as we were considering moving to v3 as part of the migration. We decided to stay on v2 and I uninstalled v3 completely (including deleting the registry tree pieces that remained) prior to the v2 install. I did not delete the IME_SYSTEM and IME_STORE_GROUP accounts though.

I would suggest adding into MEInstaller.exe the ability to reset these permissions and not just for the IME_USER and IME_ADMIN accounts.

Post Reply