Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

exchange security settings

Posted on 2011-02-18
7
Medium Priority
?
238 Views
Last Modified: 2012-05-11
I have a mix exchange 2k and  ex07 environment with public folders
when I go to exchange top level properties security tab (on ex2k) I do  have two S-1-5.................  account which were removed, however I can't  remove them as they are inherited .
How do I remove them? where is it inherited from?
0
Comment
Question by:leop1212
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 34927655
Check at the root level in AD for your domain
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34927670
I am not really familar at all with Exchange 2K however
 - the 2 S-1-5 account are generally old accounts which have been remote or deleted somehow. They have been assigned privalages to access these files but have since been deleted. This is how it generally is for most files, but I am not sure if maybe there is some "built-in" accounts like this for Exchange 2K.
 - If they are inherited, they are usually inherited from the folder above it. Most of the time when you change a folder permission on a top folder, you can set it to change permissions on those underneith.
WARNING: THIS MIGHT BREAK YOUR SYSTEM
 - to change settings and remote
 - Right Click item, Properties, Security Advanced, Owner - assign yourself
 - Go to Permissions, change permissions remove all enteries and disable inherited, then add your user with full control.
 - Close down, go back in there and you should be able to delete
NOTE: Windows may stop you from doing this because it might break something.
0
 
LVL 44

Expert Comment

by:Amit
ID: 34927715
You might need to use PFDAVAdmin tool to reapply the permission again

http://technet.microsoft.com/en-us/library/bb508858(EXCHG.65).aspx
0
 

Author Comment

by:leop1212
ID: 34927765
these accounts are not listed under domain sucurity
in pfdavadmin I do not see security tab only export security.....
and my ex2k ESM give me same access as pfdavadmin
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 2000 total points
ID: 35031288
You will need to use ADSIEDIT to edit the permissions for the Exchange organization.  Adsiedit is one of the tools that are installed with the Support Tools from the Windows 2003 or 2008 CD. They can be installed from the Support/Tools folder on the installation CD.  Once you have the tools installed, click Start/Run and type "adsiedit.msc."CAUTION: USING THE ADSIEDIT TOOL IS DANGEROUS!!! YOU MUST BE VERY CAREFUL WHAT YOU CHANGE WHEN USING THIS TOOL, AS IT COULD CAUSE DAMAGE TO ACTIVE DIRECTORY PERMISSIONS. USE AT YOUR OWN RISK.

Once you have adsiedit.msc open, navigate to the following location:

Configuration [domain]/CN=Configuration/CN=Services/CN=Microsoft Exchange/CN=[Org name]/CN=Administrative Groups/[Group Name]

Right-click, go to Properties and click the Security tab. Look to see if those user accounts are there. If they are, you should be able to delete them.


0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question