Solved

Exchange 2003 Mailbox Permissions

Posted on 2008-06-17
3
713 Views
Last Modified: 2013-11-15
We just came across an issue the other day that If our users found out could cause some serious harm. Somehow anyone with an exchange mailbox can open anyone else's mailbox including calendar. When I went into Mailbox Rights under the Exchange Advanced tab in AD I noticed that there were quite a few users that had access to my particular mailbox. However when I tried to remove them I would get the following message:

 "You can not remove "Everyone" because this object is inheriting permission from its parent directory. Turn off the option for inheriting permissions, and then try removing again."

How can I fix this so that I can remove "Everyone" from being able to view everyones mailbox?
0
Comment
Question by:FBTC_Helpdesk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Accepted Solution

by:
DocCan11 earned 250 total points
ID: 21807912
Find a point above your user accounts and turn off inheritance.. this seems very strange.. it seems as if someone who did not know what they were doing added the everyone group to AD permissions.. I would try and find this and remove it.. It will be in your AD somewhere..
0
 
LVL 4

Assisted Solution

by:pamiken
pamiken earned 250 total points
ID: 21808017
Wow,  that's really bad.  Goto Exchange system manager.

open -server
right click your server, goto "security" tab
assign appropriate permissions.  

If it's not there then go down the tree (ie right click "first storage group", security, etc)

0
 

Author Comment

by:FBTC_Helpdesk
ID: 21824467
Just out of curiosity, what users/groups should be listed under mailbox rights under the Exchange Advanced tab in AD?
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Using Adobe Premiere Pro, the viewer will learn how to set up a sequence with proper settings, importing pictures, rendering, and exporting the finished product.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question