• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

Exchange 2007 group permissions

Hi All,
  It seems we have had a security group that has been given a number of read permissions to mailboxes that it shouldnt. We have secured the system now but we are looking to track back how the permissions were put in place. We are compiling a list of user accounts that had the read permission attached to confirm if a patten of OU/Location/Group can be found as currently this seems to be random.

Is there any way we can track back the changes within the accounts to find who assigned the permissions? None of our engineers were remember pushing out such a change and so we want to be 100% that the network is secure.

Many thanks
0
ncomper
Asked:
ncomper
  • 2
1 Solution
 
ncomperAuthor Commented:
On Additional Digging it seems the Read permisison was pushed out to Two of the Exchange databases. Inorder for this to happen would this have needed to be pushed out by powershell?

Many thanks,
0
 
Praveen BalanSolution ArchitectCommented:
Yes, the ADPermissions are pushed through PowerShell

Command will be like,

get-mailboxdatabase - identity "<mailbox database identitiy>" | Add-adpermission -user <user or group name> -accessrights GenericAll -extendedrights <permissions>

you can get the current rights by

Get-MailboxDatabase -Identity "DB Name" |get-adpermission

-Praveen

0
 
ncomperAuthor Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now