Solved

Default permissions in Exchange 2010 Database

Posted on 2014-03-25
2
253 Views
Last Modified: 2014-04-01
I am fairly new to Exchange 2010 administration and have inherited a system that was set up by previous administrators that are no longer with the company.

I need to remove any non-default permissions granted by the previous administrators.  One of the permissions set at the organization level is for "NT Authority\System".  I checked with another Exchange Admin and he does not have this permission set on his system.

Here are the permissions at the organization level:

Get-OrganizationConfig|get-adpermission -user "nt authority\system"|fl *


PSComputerName      : server.domain.dom
RunspaceId          : 46053498-3d13-4b48-a7af-b0fef6d1048f
AccessRights        : {ExtendedRight}
ExtendedRights      :
ChildObjectTypes    :
InheritedObjectType :
Properties          :
Deny                : False
InheritanceType     : All
User                : NT AUTHORITY\SYSTEM
Identity            : XXXXXXXXXXXXX
IsInherited         : False
IsValid             : True

Does the SYSTEM account have these permissions by default or was this added later?
0
Comment
Question by:Eddie2010
2 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 39954447
The question is now, what the GUID represents, at least I can say, I have system permissions as well.

Be carefully with removing permissions, nevertheless Exchange handles most of the permissions by its own groups. There is a huge amount of permissions in AD and deleteing the wrong ones can start a big mess.

Check who is member of the default Exchange groups and take care of user accounts, which are in there. Check the permissions on the mailboxes (full, send as) id there are unusual permissions.

System accounts can even be connected to services, whch interacts with exchange, i.e backup software or Blackberry etc. So before deleting any permissions, make sure no service is needing them.

The most common permission problem is mostly, that users or user groups have permissions an mailboxes to get access to them. But even this can have a reason, i.e. or systemic mailboxes used by some services.
0
 

Author Comment

by:Eddie2010
ID: 39969743
This isn't really a direct answer to the question I asked and you included a lot of superfluous information, but no one else has responded so I guess you get credit.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Redundant Exchange Servers DAG? 5 123
Replicate user and share data 8 60
Ransomware attacks 5 110
Word 2010 mail merge 3 100
Zimbra is famous for its platform independency, ability to manage multiple user accounts, easy assimilation with 3rd party applications, social network certification etc. Here, we discuss about how users can move multiple Zimbra user accounts to Exc…
The advancement in technology has been a great source of betterment and empowerment for the human race, Nevertheless, this is not to say that technology doesn’t have any problems. We are bombarded with constant distractions, whether as an overload o…
The viewer will learn how to make their project stand out over others by learning how to change colors and shapes, add spaces, change directions, and add bullets to their charts.
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question