• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 300
  • Last Modified:

Default permissions in Exchange 2010 Database

I am fairly new to Exchange 2010 administration and have inherited a system that was set up by previous administrators that are no longer with the company.

I need to remove any non-default permissions granted by the previous administrators.  One of the permissions set at the organization level is for "NT Authority\System".  I checked with another Exchange Admin and he does not have this permission set on his system.

Here are the permissions at the organization level:

Get-OrganizationConfig|get-adpermission -user "nt authority\system"|fl *


PSComputerName      : server.domain.dom
RunspaceId          : 46053498-3d13-4b48-a7af-b0fef6d1048f
AccessRights        : {ExtendedRight}
ExtendedRights      :
ChildObjectTypes    :
InheritedObjectType :
Properties          :
Deny                : False
InheritanceType     : All
User                : NT AUTHORITY\SYSTEM
Identity            : XXXXXXXXXXXXX
IsInherited         : False
IsValid             : True

Does the SYSTEM account have these permissions by default or was this added later?
0
Eddie2010
Asked:
Eddie2010
1 Solution
 
BembiCEOCommented:
The question is now, what the GUID represents, at least I can say, I have system permissions as well.

Be carefully with removing permissions, nevertheless Exchange handles most of the permissions by its own groups. There is a huge amount of permissions in AD and deleteing the wrong ones can start a big mess.

Check who is member of the default Exchange groups and take care of user accounts, which are in there. Check the permissions on the mailboxes (full, send as) id there are unusual permissions.

System accounts can even be connected to services, whch interacts with exchange, i.e backup software or Blackberry etc. So before deleting any permissions, make sure no service is needing them.

The most common permission problem is mostly, that users or user groups have permissions an mailboxes to get access to them. But even this can have a reason, i.e. or systemic mailboxes used by some services.
0
 
Eddie2010Author Commented:
This isn't really a direct answer to the question I asked and you included a lot of superfluous information, but no one else has responded so I guess you get credit.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now