ActiveSync Quarantine - Necessary Permissions to Approve/Decline Devices
Exchange 2010 SP1 deployed and the global ActiveSync policy is to Quarantine devices when they connect and then manually allow them. I would like to allow our Service Desk the ability to approve the devices, so I initially added them to the Exchange Recipient Administrators AD group. However, membership in that group does not allow the ability to manage the Quarantine devices through the ECP. The users can see the devices in Quarantine, but they cannot manage them. It seems that only membership in the Exchange Organization Administrators group allows the ability to manage the Quarantine through the ECP. Does anyone know of a way I can alter the RBAC permissions so that I don't have to grant full Organization rights?Trevor
March 2nd, 2011 9:06am

Hi Rovert, below article is about the features and permission required: Only the (Exchange ActiveSync device settings) feature you can give them Recipient Management permission, any other ActiveSync features you have to give them Organization Management, Server Management. http://msdn.microsoft.com/en-us/library/dd638131.aspx Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2011 3:54pm

The link(Client Access Permissions) is a right one. Or this is Technet link: http://technet.microsoft.com/en-us/library/dd638131.aspx If you want to hit the Allow buttom(or run the cmdlet Set-CasMailbox with parameter ActiveSyncAllowedDeviceIDs) Set-CasMailbox http://technet.microsoft.com/en-us/library/bb125264.aspx "To see what permissions you need, see the "Client Access user settings" entry in the Client Access Permissions topic. " You should be assigned the Server Management Role group. Frank Wang TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
March 3rd, 2011 2:23am

Hi Trevor, Any updates?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
March 6th, 2011 8:47pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics