Hi, We are currently having an issue with a couple of user's who have discovered that they are able to Send As other users. When we try to do this with test user's, we are told that we don't have permissions (which you would expect). The user's aren't in groups that seem to give them the rights to Send As They are in separate OU's so we dont think its an OU rights issue They are not able to Send As on Exchange Admins So far its only these two user's that seem to be able to inexplicably be able to Send As, but as we dont know what to check for we dont currently know how many user's have this ability. The user's (and the user's they are able to send as) currently reside on an Exchange 2007 server. If anymore information is required then please let me know. Thanks in advance.

To find users with Send As permission you culd use EMS. Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”)} | FT -Wrap You can eliminate SELF permissions for all mailboxes from your output Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap You can eliminate Inherited Send AS permission Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap If you like export your result to file (excel....) Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select Identity, User, Deny | Export-CSV sendas.csv For managing Send AS permission you can also use Active Directory Users and Computer. http://blogs.technet.com/b/exchange/archive/2005/01/07/348596.aspx Gorazd