IP Telephony software isn't like many mission-critical applications. Too often, security is a kludgy after-thought. But most IP telephony software has it built in. On the whole, this is very good, but it does have a downside: Doing things the "right way" can be a little cumbersome.
As an example, take Cisco's Unity unified messaging software. To support this software securely, you need a lot of separate accounts, with some very complex permissions. First, you've got the accounts to run the SQL Server services, and the SQL Server Admin account. Then you've got the accounts to install Unity, run the Unity services and then the Unity Admin account. And all of this is just for voice mail; it doesn't include Cisco's CallManager.
Regardless of which IP Telephony software you use, this account situation is likely to sound familiar. The cumbersome part comes in when you start having to log out of one account, then log in as another account, complete a little task, then log back out and back in as the first account to do something else. You may be tempted to make one account (usually Administrator) and assign all the permissions to it, but this is a profoundly bad idea.
The right way to do this is to always log in to Windows as your own account, then run each application as the appropriate account. This is quick and easy and secure.
The easiest way to do this is to create shortcuts on your desktop to the administrator utilities you need, then right-click
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.
This was first published in October 2003