Solved

Default permissions in Exchange 2010 Database

Posted on 2014-03-25
2
248 Views
Last Modified: 2014-04-01
I am fairly new to Exchange 2010 administration and have inherited a system that was set up by previous administrators that are no longer with the company.

I need to remove any non-default permissions granted by the previous administrators.  One of the permissions set at the organization level is for "NT Authority\System".  I checked with another Exchange Admin and he does not have this permission set on his system.

Here are the permissions at the organization level:

Get-OrganizationConfig|get-adpermission -user "nt authority\system"|fl *


PSComputerName      : server.domain.dom
RunspaceId          : 46053498-3d13-4b48-a7af-b0fef6d1048f
AccessRights        : {ExtendedRight}
ExtendedRights      :
ChildObjectTypes    :
InheritedObjectType :
Properties          :
Deny                : False
InheritanceType     : All
User                : NT AUTHORITY\SYSTEM
Identity            : XXXXXXXXXXXXX
IsInherited         : False
IsValid             : True

Does the SYSTEM account have these permissions by default or was this added later?
0
Comment
Question by:Eddie2010
2 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 39954447
The question is now, what the GUID represents, at least I can say, I have system permissions as well.

Be carefully with removing permissions, nevertheless Exchange handles most of the permissions by its own groups. There is a huge amount of permissions in AD and deleteing the wrong ones can start a big mess.

Check who is member of the default Exchange groups and take care of user accounts, which are in there. Check the permissions on the mailboxes (full, send as) id there are unusual permissions.

System accounts can even be connected to services, whch interacts with exchange, i.e backup software or Blackberry etc. So before deleting any permissions, make sure no service is needing them.

The most common permission problem is mostly, that users or user groups have permissions an mailboxes to get access to them. But even this can have a reason, i.e. or systemic mailboxes used by some services.
0
 

Author Comment

by:Eddie2010
ID: 39969743
This isn't really a direct answer to the question I asked and you included a lot of superfluous information, but no one else has responded so I guess you get credit.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I didn’t use eM Client for long when I decided to swap to Outlook 2016. The reason for the switch is that it started asking for payment to continue some of its services after one month.   The problems I faced when I didn’t pay were:   I was not …
As freelancing is becoming more and more common in the tech industry, certain obstacles are proving to be a challenge to those who are used to more traditional, structured employment. This article is meant to help identify such obstacles and offer a…
This video shows the viewer how to set up and create Footnotes in their document. Click on the References tab: Select "Insert Footnote": Type in desired text:
This video shows where to find templates, what they are used for, and how to create and save a custom template using Microsoft Word.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question