Permissions issue
Somehow I have managed to give all domain users access to all mail boxes. I need to undo this. If I remove domain users from the manage full access permission in the GUI, the user gets "unable to open your default e-mail folders. you do
not have permission to logon."
We were attempting to allow users to access a common mail box.
October 22nd, 2010 1:11pm
which version of exchange ? where have you given the rights on the DB level. There may be inheritance which you have to deal with.
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 1:21pm
It's Exchange 2007... I have looked in the full access gui, and i do see domain users in there, and if i remove that, the users can not even access their own mailboxes.
Thanks,
Bryan
October 22nd, 2010 5:42pm
On Fri, 22 Oct 2010 17:09:01 +0000, Bryan Thorell wrote:
>Somehow I have managed to give all domain users access to all mail boxes. I need to undo this. If I remove domain users from the manage full access permission in the GUI, the user gets "unable to open your default e-mail folders. you do not have permission
to logon."
Assuming you haven't modfied each mailbox individually, you've
probably given some group (Everyone, Authenticated Users, Domain
Users, etc.) the "Receive As" permission somewhere in the
configuration container of the AD.
You can use ADSIEDIT to find where you've done this.
Start at the user and see if the "Receive As" permission is inherited
by some group. Then work your way up the Exchange hierarchy starting
at the mailbox database, looking for where you've assigned that
permission
If, for example, you've given the Everyone group this access, siply
remove the access. Don't remove the Everyone group, and certainly
don't *deny* that group access!
>We were attempting to allow users to access a common mail box.
You only have to modify the single mailbox for that.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 9:55pm
On Fri, 22 Oct 2010 21:40:12 +0000, Bryan Thorell wrote:
>
>
>It's Exchange 2007... I have looked in the full access gui, and i do see domain users in there, and if i remove that, the users can not even access their own mailboxes.
What the "full access gui"? Do you mean when you select the mailbox
and click "Manage Full Access Permission..." in the Actionpane, or
right-click the mailbox and select "Manage Full Access Permission..."
from the context menu?
The "Domain Users" group shouldn't be in there. You should have the
"Exchange Domain Servers" group, and the "SELF" user in the list.
It sounds like you've been messing with permissions in ways that you
shouldn't be.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
October 22nd, 2010 10:01pm