Solved

Security settings overwritten by AD

Posted on 2006-10-31
1
212 Views
Last Modified: 2008-02-01

Hi
I have an issue which I have seen before but I just can't configure out how to fix it.

BASELINE
SBS2003 SP1 Exchange SP2 with IMF configured. Multiple email domains configured in Recepient Policy. E.G. abc.com, def.com and ghi.com. SMTP delivery, A and MX records all configured on hosting company site and ISP delievering mail fine.
User John had a logon account fully configured in AD with the primary SMTP mail address of abc.com
Two more accounts were created, john1 and john2 that had the respective def.com and ghi.com email address allocated to them.
In the security tab of john1 and john2, the original login account john was given full rights and within Outlook 2003 SP2 the FROM line was being used fine to send emails from abc.com, def.com and ghi.com
When John recieved emails they all went to his one Inbox and we could see which email account the external user had sent them through to: either as john, john1 or john2
Up until a week ago the following configurations were in place and working beautifully

CHANGE RESULTING in NON multi domain email SENDING ability
Installed Exchange SP2 and further released hotfixes. Configured IMF that now traps about 100Mb worth of SPAM weekly on all three domains - abc. def, ghi.
The security settings defined in the accounts john1 and john2 have disappeared and seem to have reveted back to a AD standard which includes a completely different user!
And so now John cannot send emails from any of the multi domains other than the primary one configured for his original logon account. He can continue to recieve all emails from all domains but when he replies and attempts to use the FROM field it results in a NDR unless he use his primary SMTP

WORK DONE TO RESOLVE
I have given john full control on accounts john1 and john2 but it doesn't stay. After an hour my settings disappear and reverts back to the standard.
Instead of applying Full Control, I have attempted to go into Advanced and just give Send as Permissions but this doesn't stay.
In john1 and john2 account when I go to the Security tab - Advanced - Effective Permissions and type in John, the effective permissions confirms that John does not have Full Control or Send As permissions.
I have seen this behaviour before and I believe a change is done in adsiedit.msc to ensure that the security settings stay in place but I am not sure. I once saw a Micrsoft guy fix it in dsadmin through the command prompt but have no idea of the syntax. I may be wrong on the solution.

Help on this would be very appreciative. I don't post many questions but on this one i'm stumped and my client is suffering as he cannot send emails from the other domains.

There are 5 users on site so I have the standard CAL that comes with SBS2003. I didn't suffer any CAL issues when I created the extra accounts john1 and john2 for mail delivery as no one was actually logging in with those identities although as a side question it would be nice to know whether I have 'device' or 'user' CAL's installed.

500 pointer - for urgency and effective fix.

Kind Regards
Robin
0
Comment
Question by:RobKanj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17847216
It's a rather complicated issue... but essentially SP2 changed the way the "Send as.." permissions are handled by shared resources.

You'll find a complete description and the solution here:  http://support.microsoft.com/kb/912918

Jeff
TechSoEasy
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question