User able to Send As when it hasnt obviously been set
Hi,
We are currently having an issue with a couple of user's who have discovered that they are able to Send As other users. When we try to do this with test user's, we are told that we don't have permissions (which you would expect).
The user's aren't in groups that seem to give them the rights to Send As
They are in separate OU's so we dont think its an OU rights issue They are not able to Send As on Exchange Admins
So far its only these two user's that seem to be able to inexplicably be able to Send As, but as we dont know what to check for we dont currently know how many user's have this ability.
The user's (and the user's they are able to send as) currently reside on an Exchange 2007 server.
If anymore information is required then please let me know.
Thanks in advance.
September 26th, 2011 4:45pm
To find users with Send As permission you culd use EMS.
Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”)} | FT -Wrap
You can eliminate SELF permissions for all mailboxes from your output
Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap
You can eliminate Inherited Send AS permission
Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap
If you like export your result to file (excel....)
Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select Identity, User, Deny | Export-CSV
sendas.csv
For managing Send AS permission you can also use Active Directory Users and Computer.
http://blogs.technet.com/b/exchange/archive/2005/01/07/348596.aspx
Gorazd
Free Windows Admin Tool Kit Click here and download it now
September 26th, 2011 10:37pm