Solved

Inherited Permissions and Exchange 2003

Posted on 2003-11-26
7
954 Views
Last Modified: 2011-09-20
We upgraded from Win2k Domain Exch5.5 to Win2k3 Domain Exch2003.  Now I understand that the security and stuff is controlled from Active Directory Users and Computers (ADUC) now.  But I am experiencing a problem.

With Exch5.5 we could (locally on the mail server) open any users mailbox by changing the mailbox properties on the local outlook icon.  However with our new stuff we get 'access denied you do not have permission' even though we are logged in as a domain admin (=exchange admin).  

Looking in ADUC Exchange Advanced tab Mailbox Rights, advanced settings there is a deny line for 'Full Mailbox Access' for Domain admins, enterprise admins, Exchange domain servers  and Administrator.  IT's inheriting from someplace but I cannot figure out where.  There is no 'allow inheritance' checkbox to remove the inheritance like there is on file and folder permissions.

What gives?

0
Comment
Question by:wokwon
  • 4
  • 3
7 Comments
 
LVL 26

Expert Comment

by:Vahik
ID: 9829521
If u go to ur ESM mailbox store properties psge\security can u give urself or admins full control including send as ans recieve as?
0
 

Author Comment

by:wokwon
ID: 9829560
Well I *could* give send as and recieve as if i remove the inherititence from the mailbox store.  Will this allow 'Full Control' for admins to be applied for all mailboxes?  I don't want to be able to send as, I want to be able to open the mailbox in outlook from the server like I used to be able to in Exch5.5

Thanks for your suggestion.
0
 
LVL 26

Accepted Solution

by:
Vahik earned 150 total points
ID: 9829561
Listen what the heck i am talking about.There should be an allow permission box so just check it.In 2000 and later that is by design and u should either enable it on individual basis or u go and give urself
full permission on the mailbox store.I misstook allow inheritance with allow permision box.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 26

Expert Comment

by:Vahik
ID: 9829566
Just go to the specific users properties page \mailbox right and give urself allow full mailbox permission and u will be able to do what u want to do.
0
 

Author Comment

by:wokwon
ID: 9829572
Bingo!  You are my hero.
0
 
LVL 26

Expert Comment

by:Vahik
ID: 9829585
wokwon in order for u to have full mailbox right to any mailbox store
u must give urself send as and recive as permission on that store.In certain situations u may need to have that right like when u want to use exmerge to export all the users from a certain mailbox store.anyways thanks and goodluck.
0
 

Author Comment

by:wokwon
ID: 9829593
"Just go to the specific users properties page \mailbox right and give urself allow full mailbox permission and u will be able to do what u want to do. "

My problem was that the specific users properties page was inheriting from somewhere and I didn't know where.  As you said, it inherits from the information store.  In hindsight, that seems perfectly logical but previously had me stumped.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now