Send on behalf allows SendAs?
I have just discovered that if you create an additional Outlook profile for a mailbox to which you have Full Access and Send on behalf, this allows you to SendAs that mailbox. I.E. the messages do not say they are from "user1 on behalf of user2", they just say they are from user2. However, if you are in your own Outlook profile and send as that mailbox using the From field, it does say "user1 on behalf of user2". This got me thinking exactly how this functionality works and I have been unable to find the answer. I have always assumed that (since Ex2k3 SP2 anyway), there have been 2 different permissions - send on behalf, which is assigned on the mailbox, and sendas, which is assigned on the AD account. Is this not the case? I guess this makes somewhat of sense since Send on behalf would only work if the logged-on account also has a mailbox; so it is just easier to allow SendAs. However, this is undesirable to me. I would think that if the currently logged-on user account has no mailbox and only send on behalf, then it should error-out and not send. Therefore you would need to change to SendAs permissions. This is better than the current situation where it actually allows a user to basically what i consider to be elevate their permissions simply be creating a new outlook profile. Can anyone confirm this behavior? Thanks, Dan
December 7th, 2010 9:18am

Hi Dan, The official article clarifies that if a delegate account also has Full Mailbox Access permission to a mailbox, the delegate user can send as the mailbox owner without having the Send As permission specified. And by default, the delegate accounts do not have Full Mailbox Access permission to the mailbox. And delegate account doesn’t only work when he/she logon on with the owner’s mailbox (when he/she has the Full Mailbox permission to the owner), but also work his/her profile without the additional mailbox. When a delegate account wants to open the owner’s mailbox, he/she can try to the steps (which avoids you grant the Full Mailbox permission to the delegate account) below. 1. Click File, and then choose Open. 2. Click Other User’s Folder. 3. Type the owner’s name and Folder type. And more information, outlook allows two types of sharing: · Folder permissions: This type of sharing allows selected others to view the content of a specific folder, but does not allow others to send email on your behalf. · Delegates: You can also designate delegates, who can have different permission but also the additional ability to send email on your behalf. Here is a link about how to grant the folder permission: http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/16d5d6da-6c48-4c5b-83d0-f53c5224b997 Best regards, Serena Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
December 9th, 2010 3:25am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics