"send as" permission being removed exchange 2007
Hi, we have an exchange 2007 which when we set send as permissions on mailboxes through the management console, they get removed after a period of time.
i have read another thread on this issue in here but the answer was not conclusive as our user is not a member of any protected groups. it would seem to be a timeout issue that after an hour the right gets removed.
does anyone know how to fix this issue as we have users that need send as permissions but we have to keep checking that the permisions are still there.
Any help would be much appreciated.
Chris.
October 15th, 2010 10:57am
Is security inheritance enabled on those accounts? Sure they arent members of any elevated groups?
Free Windows Admin Tool Kit Click here and download it now
October 15th, 2010 11:30am
Hi Andy, they do not have any memberships for elevated groups. How would we go about checking for security inheritance?
Cheers
Chris
October 15th, 2010 11:35am
Increase diagnostic logging as it will throw event for change.
From EMC/Ser_name\.....diagostic logging and select appropriate field and level.
Will be helpful
Free Windows Admin Tool Kit Click here and download it now
October 15th, 2010 11:41am
On Fri, 15 Oct 2010 15:32:07 +0000, MusicalChris wrote:
>Hi Andy, they do not have any memberships for elevated groups. How would we go about checking for security inheritance?
Well, if they aren't (or weren't) then the permission wouldn't be
reset.
Check the "adminCount" property value on the user object in the AD. Is
it zero? If not then they either ARE or WERE a member of a 'protected'
group.
Search for "AdminSDHolder" in a search engine. If you're sure the user
is NOT a member of any pf the protected groups you can use LDP or
ADSIEDIT to set the adminCount property to 0 and then enable
inheritence on the user. If the adminCount gets set back to 1 after a
while you can be sure that the user is a member of a protectred group
(maybe not diectly, but perhaps by being a member of a group that's a
member of a protected group),
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
October 15th, 2010 12:35pm