Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 530
  • Last Modified:

Will not let me remove everyone group from Mailbox Permission an inherited issue

The previous support guy, has done something with the permisson on our Exchange Server 2000, so everyone within the company can view other users inbox's and sub-folders.

For the life of me I can not find where you remove this option

If I go into Active Directory | Select any user "joe" | right click go to properties and then "Exchange Advanced" | Mailbox Rights
And try to remove the "Everyone" group.

It error messages me

"You can not remove the "Everyone" group because this object is inheriting its permission from its parent. To remove turn off inheriting permissions"

But there is no option to turn this off ?????


I have also check the IFS drive map or (M) drive that exchange add's.

If I go to M Drive | "domain name" | MBX - if I right click on MBX and select "security" is says unable to display
If I go below this and select the folder "Username01" and select security and un-tick inherit, and remove the "everyone" group users can still see "username01" inbox

Can anyone help ????

Regards

Stravze

0
stravze
Asked:
stravze
1 Solution
 
kristinawCommented:
strav,

go into the esm, drill down to the server, right click and select properties, check the security tab, and see what permissions have been assigned the Everyone group in that area.

Kris.
0
 
SembeeCommented:
"Everyone" does have certain privileges on mailboxes by default, so you have to be careful about removing them all as this can break Exchange.
You basically need to go up each level to see where the settings are being inherited from.
This will be store, admin group, server or the Exchange org.

If you cannot see security for the Exchange org, then you need to enable the feature in ESM. You will normally find it by right clicking on the Exchange org and choosing properties.

Otherwise...

1. Start the registry editor.
2. Go to HCU, Software, Microsoft, Exchange, ExAdmin
3. Create a new Dword Value of name "ShowSecurityPage" with the Value data = "1"
4. Close the registry editor.
5. Restart ESM.

Simon.
Exchange MVP.
0
 
ATIGCommented:
Start at the Org level and see if there are any delegations -- then move to the server level -- again becarefull with the everyone group remeber everyone is a memeber of it includeing the user who owns the mailbox
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
flyguybobCommented:
0
 
kristinawCommented:
just to clarify, if you'll note in my post I said CHECK the security tab to see what perms have been assigned, expecting this would be checked and the asker would report back. I never said anything about REMOVING the everyone group. I'll make sure to be more specific in the future.

Kris.
0
 
flyguybobCommented:
...Kristin... I think that, after years of doing this and seeing people blow up their systems, some posts contain "err on the side of caution" notes.  I could definitely forsee someone whacking Everyone from the root permissions @ the Org level (that's probably why it is hidden by default and requires a registry key to show).
  =^)
0
 
kristinawCommented:
maybe i should just let you 'professional answerers' answer all these questions. but at any rate, as i said i'll try and be a little more specific on the few questions i try to help out with every day. :)
0
 
flyguybobCommented:
Kristin - FYI...I am just an amateur =^)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now