2003 ExMerge Permissions Issue
My domain\administrator account is a member of Enterprise Admins... by default this group has deny send as and recieve as for Exch 2003. I went to the top org level in my sys manager and use the delegate control to set Enterprise Admins to be Full admin.. when it was setting the permissions I can an error that it cant apply the permissions... then I go back and look at the enterprise admins group and they DONT have the deny box checked... but yet I still cant open mailboxes with my administrator account.
Two questions..
1 how to resolve this permission issue? where the group is denied but it isnt showing up?
2 where do the top level permissions inherit FROM? They are showing as they inherited from somewhere.. but where? This is the top level. I am running a mixed mode org right now with one 5.5 server there as well.
Thank you
Two questions..
1 how to resolve this permission issue? where the group is denied but it isnt showing up?
2 where do the top level permissions inherit FROM? They are showing as they inherited from somewhere.. but where? This is the top level. I am running a mixed mode org right now with one 5.5 server there as well.
Thank you
ASKER
I got around it by creating a new user... then I thought that I would be able to add that user to the Exchange Admins group and it would resolve the problem but it didnt.. I had to explicitly define the account at the top level of the org... I dont understand this.. if Exhange Admins have full control why would I have to define the user?
YOu need to define the permissions at the org level (top) as you said. Also need to override the "deny" on "send as" and "recieve as" for all groups for which the user account (presumablly ) is a member. Groups permissions are probably overriding the user settings. Also there is a registry key that you have to change. I'll look for that an post again.
I think this is what you need.
http://support.microsoft.com/default.aspx?scid=kb;en-us;821897&Product=exch2003
Mike
http://support.microsoft.com/default.aspx?scid=kb;en-us;821897&Product=exch2003
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is a good article... problem is I have done this... I have the security tab shown... for all reasoning there are no deny's set.. I did learn that I can override an inherited right though.. which I did not know.... I will post back tomorrow.
Thanks
Thanks
Just to be sure - the registry key is necessary if you haven't done that part yet. I went though the same scenario earlier today. Good luck!
ASKER
Without the key you cant see the tab.... understood.
Thanks
Thanks
ASKER
Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)