Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 297
  • Last Modified:

Exchange 2007 group permissions

Hi All,
  It seems we have had a security group that has been given a number of read permissions to mailboxes that it shouldnt. We have secured the system now but we are looking to track back how the permissions were put in place. We are compiling a list of user accounts that had the read permission attached to confirm if a patten of OU/Location/Group can be found as currently this seems to be random.

Is there any way we can track back the changes within the accounts to find who assigned the permissions? None of our engineers were remember pushing out such a change and so we want to be 100% that the network is secure.

Many thanks
0
ncomper
Asked:
ncomper
  • 2
1 Solution
 
ncomperAuthor Commented:
On Additional Digging it seems the Read permisison was pushed out to Two of the Exchange databases. Inorder for this to happen would this have needed to be pushed out by powershell?

Many thanks,
0
 
Praveen BalanSolution ArchitectCommented:
Yes, the ADPermissions are pushed through PowerShell

Command will be like,

get-mailboxdatabase - identity "<mailbox database identitiy>" | Add-adpermission -user <user or group name> -accessrights GenericAll -extendedrights <permissions>

you can get the current rights by

Get-MailboxDatabase -Identity "DB Name" |get-adpermission

-Praveen

0
 
ncomperAuthor Commented:
Thanks
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now