Solved

Access mailbox via Windows Service

Posted on 2003-11-19
13
934 Views
Last Modified: 2012-06-21
Hi all,

I've build a Windows Service in VB.NET which tries to retrieve the Inbox of a certain mailbox.
This doesn't work because the service is running under the Local System account.
If I change that to any valid user then still it doesn't work.

Now I wonder, is it possible in Exchange 2000 to set something like access rights for that mailbox so that the localsystem account can access it?

OS: Windows 2000 Server
Exchange 2000

Thanks!

D'Mzz!
RoverM
0
Comment
Question by:roverm
  • 6
  • 4
  • 2
  • +1
13 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9777435
Yes its possible, but be aware Exchange rights are different to NTFS rights and group membership generally dosnt apply either

to assign rights to open another users inbox those rights need to be granted at the exchage server level, and given by using the Exchange system manager console.

Pete
0
 
LVL 12

Author Comment

by:roverm
ID: 9777797
I already added 'Everyone', 'SYSTEM' and 'SERVICE' to the mailbox rights.
Full access.

Still doesn't work!

0
 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
ID: 9777936
roverm,
SUMMARY
Use the Permissions property page to specify the rights that users or groups have on the objects within the Exchange Administrator program. You delegate permissions to a user or group by assigning them a role.

Roles are sets of rights that define how much access and what type of access a user or group has.
ORGANIZATION OBJECT
For the Organization object, Microsoft Exchange provides Administrator, Permissions Administrator, Service Account Administrator, and User default roles. You can also create custom roles.

Default Roles and Rights for Organization object:

Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, and Delete.

Permissions Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, and Modify Permissions.

Service Account Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, Replication, and Modify Permissions.

User Role: Modify User Attributes only.
SITE OBJECT
For a Site object, Microsoft Exchange provides Administrator, Permissions Administrator, Send As, Service Account Administrator, User, and View Only Administrator default roles. You can also create custom roles.

Permissions you set on the Site object are inherited by the site recipients container. For example, a user with Mailbox Owner rights at the messaging site level automatically inherits Mailbox Owner rights for all recipients in the recipients container.

Default Roles and Rights of Site Object:

Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, and Logon Rights.

Permissions Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, Logon Rights, and Modify Permissions.

Send As Role: Send Messages As a Mailbox. This is different from send on behalf of permissions, because the person receiving the message cannot tell that the message has been sent by someone else.

Service Account Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, Send As, Mailbox Owner, Logon Rights, Replication, Modify Permissions.

User Role: Modify User Attributes, Send As, Mailbox Owner Send As Role: Send As only.

View Only Administrator Role: Logon Rights only.
CONFIGURATION OBJECT
For the Configuration object, Microsoft Exchange provides Administrator, Permissions Administrator, Service Account Administrator, Send As, and User roles. You can also create custom roles.

Permissions you set on the Configuration object are inherited by all objects and containers within the Configuration object. For example, a user with Modify Permissions rights on the Configuration object can modify permissions on all subordinate containers and objects.

Default Roles and Rights for Configuration Object:

Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, and Delete.

Permissions Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, and Modify Permissions.

Service Account Administrator Role: Add Child, Modify User Attributes, Modify Administrator Attributes, Delete, Replication, and Modify Permissions.

Send As Role: Send As Right only.

User Role: Modify User Attributes only.
MORE INFORMATION
Microsoft Exchange rights are defined below. These rights are available for assigning permissions to a user or group on the Organization, Site, and Configuration objects within Exchange Administrator.

"Add Child" allows a user to create objects below this object.

"Modify User Attributes" allows a user to modify user-level attributes associated with an object. A user with this permission can modify the members of a distribution list.

"Modify Admin Attributes" allows a user to modify administrator-level attributes associated with an object. A user with this permission can modify the job title and display name fields in a mailbox.

"Delete" allows a user to delete an object.

"Replication" allows a user to replicate directory information with other servers.

"Modify Permissions" allows a user to modify permissions on existing objects. Without this permission, a user can grant permissions to new mailboxes but cannot modify permissions on existing ones.

"Send As" allows a user to send messages as a mailbox. This is different from Send On Behalf Of permissions, because the person receiving the message cannot tell that the message has been sent by someone else. You delegate Send On Behalf Of permissions using the Delivery Options property page.

"Mailbox Owner" allows a user to log on to a mailbox and use it to send and receive messages.

"Logon Rights" allows a user to log on to any server in the site using the Administrator program.
0
 
LVL 12

Author Comment

by:roverm
ID: 9778088
Thanks, but what does it all mean? It's just a summary. I need to know how to set the right correct.

And, I don't have a 'Properties page'.
I am running Win2000Server with Active Directory. This mean that all user settings are done in the AD Manager.

FYI: Even when I run the application under the Owners name then it won't work!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9779159
>>ry. This mean that all user settings are done in the AD Manager

NO! you need to assisn permissions in exchange forget everything you know about permissions, then open the exchange manager on the exchange server so your looking at the GLOBAL SETTINGS then drill down to the server level and start right clicking.

Pete
0
 
LVL 26

Assisted Solution

by:Vahik
Vahik earned 250 total points
ID: 9779220
I am not sure but this maybe the same as when u try to setup notification on sql server.If i remember correctly u have to add that outlook profile that is accessing sql(or exchange in ur case)on that local computer.So what u can do is to go to ur services and make it run under anyuser(if possible)and then create an outlook profile for that user on that machine and see if that would help u.
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 12

Author Comment

by:roverm
ID: 9779646
Pete,
Thanks so far but still no go...
I've added both SYSTEM and SERVICE accounts to the security tab in my Exchange server console.

Any other ideas?

Vahik,
I tried running under every possible user, including the administrator... didn't work.

I am using profiles, actually, 1 profile.
But even if I generate the profileobject runtime it won't work.

One strange(?) thing tho: I ported the complete code to a VBScript. This works just fine.
And when I put the VBS in the Windows Scheduler it works fine as well! Even when nobody's logged in!

D'Mzz!
RoverM



0
 
LVL 26

Expert Comment

by:Vahik
ID: 9779960
Well i think u have answerd ur own question.Go to programming section and try to find out if there is any compatability issues when running vb.net against 2000 operating system.I bet that would run well on a 2003 system.sorry i dont have a clue about programming.
Good luck.
0
 
LVL 12

Author Comment

by:roverm
ID: 9780918
Vahik,
The Q is also in the programming section ;-) I already did that.
But since it has to be something with userrights I turned to the Exchange exports.

Thanks tho.

D'Mzz!
RoverM
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9789450
:0)
0
 

Expert Comment

by:Chris_Tull
ID: 9904795
hi roverm,

I have a very similar problem: I have implemented a VB6 service (ntsvc.ocx) which adds/removes scripting agents. From within a VB application: no problem. But by means of the service, everything seems to work, but the event service does not restart and the initialization fails. I suppose that it is related to insufficient access rights although I'm running the service as exchange admin LOGON account.

my question: do you have found a solution to your problem in the meantime...? would be a great help...

good luck, chris
0
 
LVL 12

Author Comment

by:roverm
ID: 9906504
Hi Chris,

I put all code in a VBScript and placed that script in the windows scheduler.
The script uses a normal profile to access the mailbox. Works great!

D'Mzz!
RoverM
0
 
LVL 12

Author Comment

by:roverm
ID: 9906523
Hi all, closed this Q.
I didn't get the answer I was looking for but maybe in the future I will have more time to look into it.
Thanks !

D'Mzz!
RoverM
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now