Access mailbox via Windows Service

Hi all,

I've build a Windows Service in VB.NET which tries to retrieve the Inbox of a certain mailbox.
This doesn't work because the service is running under the Local System account.
If I change that to any valid user then still it doesn't work.

Now I wonder, is it possible in Exchange 2000 to set something like access rights for that mailbox so that the localsystem account can access it?

OS: Windows 2000 Server
Exchange 2000

Thanks!

D'Mzz!
RoverM
LVL 12
rovermAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Yes its possible, but be aware Exchange rights are different to NTFS rights and group membership generally dosnt apply either

to assign rights to open another users inbox those rights need to be granted at the exchage server level, and given by using the Exchange system manager console.

Pete
0
rovermAuthor Commented:
I already added 'Everyone', 'SYSTEM' and 'SERVICE' to the mailbox rights.
Full access.

Still doesn't work!

0
Pete LongTechnical ConsultantCommented:
roverm,
SUMMARY
Use the Permissions property page to specify the rights that users or groups have on the objects within the Exchange Administrator program. You delegate permissions to a user or group by assigning them a role.

Roles are sets of rights that define how much access and what type of access a user or group has.
ORGANIZATION OBJECT
For the Organization object, Microsoft Exchange provides Administrator, Permissions Administrator, Service Account Administrator, and User default roles. You can also create custom roles.

Default Roles and Rights for Organization object:

Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, and Delete.

Permissions Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, and Modify Permissions.

Service Account Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, Replication, and Modify Permissions.

User Role: Modify User Attributes only.
SITE OBJECT
For a Site object, Microsoft Exchange provides Administrator, Permissions Administrator, Send As, Service Account Administrator, User, and View Only Administrator default roles. You can also create custom roles.

Permissions you set on the Site object are inherited by the site recipients container. For example, a user with Mailbox Owner rights at the messaging site level automatically inherits Mailbox Owner rights for all recipients in the recipients container.

Default Roles and Rights of Site Object:

Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, and Logon Rights.

Permissions Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, Logon Rights, and Modify Permissions.

Send As Role: Send Messages As a Mailbox. This is different from send on behalf of permissions, because the person receiving the message cannot tell that the message has been sent by someone else.

Service Account Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, Send As, Mailbox Owner, Logon Rights, Replication, Modify Permissions.

User Role: Modify User Attributes, Send As, Mailbox Owner Send As Role: Send As only.

View Only Administrator Role: Logon Rights only.
CONFIGURATION OBJECT
For the Configuration object, Microsoft Exchange provides Administrator, Permissions Administrator, Service Account Administrator, Send As, and User roles. You can also create custom roles.

Permissions you set on the Configuration object are inherited by all objects and containers within the Configuration object. For example, a user with Modify Permissions rights on the Configuration object can modify permissions on all subordinate containers and objects.

Default Roles and Rights for Configuration Object:

Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, and Delete.

Permissions Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, and Modify Permissions.

Service Account Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, Replication, and Modify Permissions.

Send As Role: Send As Right only.

User Role: Modify User Attributes only.
MORE INFORMATION
Microsoft Exchange rights are defined below. These rights are available for assigning permissions to a user or group on the Organization, Site, and Configuration objects within Exchange Administrator.

"Add Child" allows a user to create objects below this object.

"Modify User Attributes" allows a user to modify user-level attributes associated with an object. A user with this permission can modify the members of a distribution list.

"Modify Admin Attributes" allows a user to modify administrator-level attributes associated with an object. A user with this permission can modify the job title and display name fields in a mailbox.

"Delete" allows a user to delete an object.

"Replication" allows a user to replicate directory information with other servers.

"Modify Permissions" allows a user to modify permissions on existing objects. Without this permission, a user can grant permissions to new mailboxes but cannot modify permissions on existing ones.

"Send As" allows a user to send messages as a mailbox. This is different from Send On Behalf Of permissions, because the person receiving the message cannot tell that the message has been sent by someone else. You delegate Send On Behalf Of permissions using the Delivery Options property page.

"Mailbox Owner" allows a user to log on to a mailbox and use it to send and receive messages.

"Logon Rights" allows a user to log on to any server in the site using the Administrator program.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

rovermAuthor Commented:
Thanks, but what does it all mean? It's just a summary. I need to know how to set the right correct.

And, I don't have a 'Properties page'.
I am running Win2000Server with Active Directory. This mean that all user settings are done in the AD Manager.

FYI: Even when I run the application under the Owners name then it won't work!
0
Pete LongTechnical ConsultantCommented:
>>ry. This mean that all user settings are done in the AD Manager

NO! you need to assisn permissions in exchange forget everything you know about permissions, then open the exchange manager on the exchange server so your looking at the GLOBAL SETTINGS then drill down to the server level and start right clicking.

Pete
0
VahikCommented:
I am not sure but this maybe the same as when u try to setup notification on sql server.If i remember correctly u have to add that outlook profile that is accessing sql(or exchange in ur case)on that local computer.So what u can do is to go to ur services and make it run under anyuser(if possible)and then create an outlook profile for that user on that machine and see if that would help u.
0
rovermAuthor Commented:
Pete,
Thanks so far but still no go...
I've added both SYSTEM and SERVICE accounts to the security tab in my Exchange server console.

Any other ideas?

Vahik,
I tried running under every possible user, including the administrator... didn't work.

I am using profiles, actually, 1 profile.
But even if I generate the profileobject runtime it won't work.

One strange(?) thing tho: I ported the complete code to a VBScript. This works just fine.
And when I put the VBS in the Windows Scheduler it works fine as well! Even when nobody's logged in!

D'Mzz!
RoverM



0
VahikCommented:
Well i think u have answerd ur own question.Go to programming section and try to find out if there is any compatability issues when running vb.net against 2000 operating system.I bet that would run well on a 2003 system.sorry i dont have a clue about programming.
Good luck.
0
rovermAuthor Commented:
Vahik,
The Q is also in the programming section ;-) I already did that.
But since it has to be something with userrights I turned to the Exchange exports.

Thanks tho.

D'Mzz!
RoverM
0
Pete LongTechnical ConsultantCommented:
:0)
0
Chris_TullCommented:
hi roverm,

I have a very similar problem: I have implemented a VB6 service (ntsvc.ocx) which adds/removes scripting agents. From within a VB application: no problem. But by means of the service, everything seems to work, but the event service does not restart and the initialization fails. I suppose that it is related to insufficient access rights although I'm running the service as exchange admin LOGON account.

my question: do you have found a solution to your problem in the meantime...? would be a great help...

good luck, chris
0
rovermAuthor Commented:
Hi Chris,

I put all code in a VBScript and placed that script in the windows scheduler.
The script uses a normal profile to access the mailbox. Works great!

D'Mzz!
RoverM
0
rovermAuthor Commented:
Hi all, closed this Q.
I didn't get the answer I was looking for but maybe in the future I will have more time to look into it.
Thanks !

D'Mzz!
RoverM
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.