nav2567 (United States of America)


Exchange 2010 mailbox permission.

Hello,

We use an Exchange 2010 environment.

When I go to Manage Full Access Permission, I see there is a security principal entry: "NT AUTHORITY\REMOTE INTERACTIVE LOGON".

Does someone know what that means? I just need to know if someone will have access to a mailbox. What if I remove that entry there?

Thanks.
SOLUTION (Manpreet Singh Khatra, India)

SOLUTION
nav2567 (ASKER)

I have read that article but it did not help.    

We have mailboxes in which "NT AUTHORITY\REMOTE INTERACTIVE LOGON" appears in Manage Full Access Permission all of a sudden. I am not sure where it comes from. Usually I see "NT AUTHORITY\SELF" and "NT AUTHORITY\SYSTEM" in regular mailboxes.
SOLUTION
Looking at some articles, I think it requires some rights for backup/restore, as I am seeing this on a lot of Symantec blogs.

- Rancy
As said, it's also used by Terminal Servers when users log into their mailbox from Terminal Servers.
TheGeezer2010

Well, as you are aware, this is a system-managed group which is used in RDP (your security principal is added to this group when you use RDP). You say this appeared there; can you tie in when? Did it perhaps coincide with the installation of a program, maybe an enterprise-level program, and likely one which allows remote access? If the answer is yes, then all you should need to do is consult the documentation on the permissions the service account needs.
If the answer is no, I have personally not heard of this on an Exchange mailbox permission. I would advocate that you remove this from a non-essential mailbox, but one where you are able to assess the impact, and maybe verify over a period of time that you get no related permissions errors in the event log.
How are your users connecting to their mailboxes? If they are using RDP from a home computer, for instance, then that would be considered a Remote Interactive logon, and if that's how they access e-mail it may be nothing to worry about. I checked our users and none of them have that right, but they use Outlook or OWA only via LAN or VPN, not RDP.
It is my understanding that the users are added dynamically to this group, and therefore removed once the RDP session is closed down. For this group to have these permissions on your mailboxes, I would suspect that an application has been installed which adds this, but it could be that this is created when users use TS to access their Exchange MBXs; maybe someone with this configuration can confirm/deny this? Do your own users access via TS?

The last thing I would check is what accounts are members of this group; this may well give you a clue as to why it has Full Control on all mailboxes.

Hope this is useful
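Before removing anything, it helps to know how many mailboxes carry the entry and whether it is set on the mailbox itself or inherited from a higher level. The following Exchange Management Shell script is an added example for this thread, not code from any poster or from Microsoft; it inventories the Full Access entries for the principal and previews a removal on a single placeholder mailbox ('test.mailbox' is assumed and must be replaced). It also assumes the account running it may read mailbox permissions.

```powershell
# Added example, not from this thread: inventory every mailbox that grants Full Access
# to NT AUTHORITY\REMOTE INTERACTIVE LOGON, so the scope of the entry is known before
# anything is removed. Run in the Exchange 2010 Management Shell.
# Assumption: the account running this has rights to read mailbox permissions.

$principal = 'NT AUTHORITY\REMOTE INTERACTIVE LOGON'

$report = Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission |
    Where-Object {
        $_.User.ToString() -eq $principal -and
        $_.AccessRights -contains 'FullAccess'
    } |
    Select-Object Identity, User, AccessRights, IsInherited, Deny

# IsInherited tells you whether the ACE sits on the mailbox itself or comes from the
# database/organization container. Remove-MailboxPermission on a mailbox only removes
# explicit (non-inherited) entries, so an inherited entry points at a higher-level change.
$explicit  = @($report | Where-Object { -not $_.IsInherited })
$inherited = @($report | Where-Object { $_.IsInherited })

$report | Format-Table Identity, IsInherited, Deny -AutoSize
"Mailboxes with explicit entry: {0}; with inherited entry: {1}" -f $explicit.Count, $inherited.Count

# Keep a dated snapshot; diffing two snapshots shows when the entry started appearing.
$report | Export-Csv -Path ".\RemoteInteractiveLogon-FullAccess-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation

# Trial removal on ONE non-essential mailbox, as suggested above. 'test.mailbox' is a
# placeholder; -WhatIf previews the change without applying it. Drop -WhatIf to apply,
# then watch the Application event log on the mailbox server for permission-related errors.
Remove-MailboxPermission -Identity 'test.mailbox' -User $principal `
    -AccessRights FullAccess -InheritanceType All -WhatIf
```

The explicit/inherited split is the useful signal: a handful of explicit entries usually means a tool or administrator touched those mailboxes directly, while entries inherited on every mailbox mean the ACE was added on the database or organization object and should be traced there rather than removed mailbox by mailbox.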
nav2567 (ASKER)

Guys, is there a way to log when an account is added to the permissions of a mailbox?
ASKER CERTIFIED SOLUTION
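For the asker's last question, about logging when an account is added to a mailbox's permissions, Exchange 2010 SP1 and later ship an administrator audit log that records every cmdlet which changes an object, including Add-MailboxPermission. The script below is an added example, not code from this thread or from Microsoft; it assumes SP1 or later and an account that holds a role allowed to read the audit log.

```powershell
# Added example, not from this thread: use the Exchange 2010 administrator audit log to
# record who added or removed mailbox permissions, when, and with what parameters.
# Assumptions: Exchange 2010 SP1 or later (Search-AdminAuditLogCommand), and the
# running account holds a role that permits reading the audit log.

# 1. Admin audit logging is organization-wide and only captures changes made AFTER it is
#    enabled, so verify the setting first. The default cmdlet filter '*' covers
#    Add-MailboxPermission and Remove-MailboxPermission.
$config = Get-AdminAuditLogConfig
$config | Select-Object AdminAuditLogEnabled, AdminAuditLogCmdlets, AdminAuditLogAgeLimit
if (-not $config.AdminAuditLogEnabled) {
    Set-AdminAuditLogConfig -AdminAuditLogEnabled $true
}

# 2. Search for permission-changing cmdlets run in the last 30 days. Add-ADPermission is
#    included because some tools grant mailbox rights through the AD object instead.
$events = Search-AdminAuditLogCommand `
    -Cmdlets Add-MailboxPermission, Remove-MailboxPermission, Add-ADPermission `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date)

# 3. Flatten each event into one row: who ran it, against which mailbox, for which user.
#    New-Object is used instead of [PSCustomObject] because the 2010 shell runs on PS 2.0.
$rows = foreach ($e in $events) {
    $p = @{}
    foreach ($param in $e.CmdletParameters) { $p[$param.Name] = $param.Value }
    New-Object PSObject -Property @{
        RunDate   = $e.RunDate
        Caller    = $e.Caller
        Cmdlet    = $e.CmdletName
        Mailbox   = $e.ObjectModified
        Grantee   = $p['User']
        Rights    = $p['AccessRights']
        Succeeded = $e.Succeeded
    }
}

$rows | Sort-Object RunDate |
    Format-Table RunDate, Caller, Cmdlet, Mailbox, Grantee, Rights, Succeeded -AutoSize

# Caveat: the audit log sees only changes made through Exchange cmdlets (shell, EMC, ECP).
# An ACE written directly to Active Directory, e.g. by ADSI Edit or a third-party agent
# using LDAP, is not recorded here; for that, enable Directory Service object access
# auditing on the domain controllers (event ID 5136 on Windows Server 2008 and later).
```

If the entry in this thread was written by a backup or remote-access agent that talks to Active Directory directly, the Exchange audit log will be empty for it; in that case the domain controller's Directory Service auditing (event ID 5136, which names the modifying account and the changed attribute) is the log that answers "who added it".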