Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Default permissions in Exchange 2010 Database

Posted on 2014-03-25
2
Medium Priority
?
279 Views
Last Modified: 2014-04-01
I am fairly new to Exchange 2010 administration and have inherited a system that was set up by previous administrators that are no longer with the company.

I need to remove any non-default permissions granted by the previous administrators.  One of the permissions set at the organization level is for "NT Authority\System".  I checked with another Exchange Admin and he does not have this permission set on his system.

Here are the permissions at the organization level:

Get-OrganizationConfig|get-adpermission -user "nt authority\system"|fl *


PSComputerName      : server.domain.dom
RunspaceId          : 46053498-3d13-4b48-a7af-b0fef6d1048f
AccessRights        : {ExtendedRight}
ExtendedRights      :
ChildObjectTypes    :
InheritedObjectType :
Properties          :
Deny                : False
InheritanceType     : All
User                : NT AUTHORITY\SYSTEM
Identity            : XXXXXXXXXXXXX
IsInherited         : False
IsValid             : True

Does the SYSTEM account have these permissions by default or was this added later?
0
Comment
Question by:Eddie2010
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 1000 total points
ID: 39954447
The question is now, what the GUID represents, at least I can say, I have system permissions as well.

Be carefully with removing permissions, nevertheless Exchange handles most of the permissions by its own groups. There is a huge amount of permissions in AD and deleteing the wrong ones can start a big mess.

Check who is member of the default Exchange groups and take care of user accounts, which are in there. Check the permissions on the mailboxes (full, send as) id there are unusual permissions.

System accounts can even be connected to services, whch interacts with exchange, i.e backup software or Blackberry etc. So before deleting any permissions, make sure no service is needing them.

The most common permission problem is mostly, that users or user groups have permissions an mailboxes to get access to them. But even this can have a reason, i.e. or systemic mailboxes used by some services.
0
 

Author Comment

by:Eddie2010
ID: 39969743
This isn't really a direct answer to the question I asked and you included a lot of superfluous information, but no one else has responded so I guess you get credit.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PaperPort has a feature called the "Send To Bar". It provides a convenient, drag-and-drop interface for using other installed software, such as Microsoft Office. However, this article shows that the latest Office 2016 apps (installed with an Office …
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question