Mailbox and minimum user permission
Hi guys,
I need to create a service mailbox for some application, but I want the user used for mailbox access to be unable to log on to the domain, or to have the minimum permissions needed to access only email.
Can I create a domain user with few permissions? How can I configure it?
Thanks in advance.
I need to
October 11th, 2011 7:45am
Well, need a bit more clarification but, from what I "Think" you are saying:
1) you want to create an account with email
2) You do not want this to be a domain account
3) Sorry, not clear on this but this account would run as a service?
As best as I am aware, you would have to have a domain account. One of our other users on this forum has discussed this before:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrmigration/thread/c7d6f7b6-6f12-4956-ad5d-b88e85d56a97/
Hope this leads you to what you are looking for...
James
October 11th, 2011 9:04am
Version of Exchange would help here.
If Exchange 2007 and higher then you need to create an account as normal, then convert it to a Shared Mailbox. This will disable the user account part so that the account cannot be used on the domain.
If Exchange 2003, then an account will have to be created as normal, then change the log on to options so that only the Exchange 2003 server is listed. The account shouldn't be usable from elsewhere.
In both cases, after creating the account you will then need to grant another user/s permissions to the mailbox in the usual way.
Simon.
Simon Butler, Exchange MVP
October 11th, 2011 9:35am
Hi to all,
I will try to give more information...
Usually we create a domain user account that has a mailbox, and the user accesses their own mailbox via OWA.
There is a little security problem, because we don't want some of these Windows accounts that have a mailbox to also be able to access the Windows domain (log on to the domain from another PC, etc.).
So the question is:
Can I create a mailbox and a user with the minimum privileges to access only their own mailbox, without the capability to log on to the domain?
The Exchange version is 2010 SP1.
Thanks in advance.
October 11th, 2011 9:49am
Here is an interesting article on Resource Mailboxes.
http://blogs.technet.com/b/exchange/archive/2007/05/14/3402515.aspx
David Jenkins
October 11th, 2011 12:10pm
The answer I gave above applies. A mailbox must have an AD account, a Shared Mailbox is ideal for this task as it doesn't allow the AD account to be used.
Simon.
Simon Butler, Exchange MVP
October 11th, 2011 12:15pm
Hi Simon,
I have seen your post and I know the shared mailbox feature, but after creating it I still need to create a domain account for mailbox access.
So I think that in my scenario this solution is the same as a typical user mailbox.
In my scenario I need to create email for consultants, but I don't want the user that has access to the mailbox to be usable by someone else to log on to the domain...
Is it possible to have minimum privileges for this account, for example less than a domain user?
Thanks in advance.
October 11th, 2011 1:11pm
See if this helps -
http://social.technet.microsoft.com/Forums/en-AU/exchangesvrgeneral/thread/da93b723-8d0f-497d-9b1e-6507fec5f81a
Sukh
October 11th, 2011 1:31pm
Nothing that you have written changes my answer I first posted. I don't know how many times I have to write it.
You cannot have a mailbox without an AD account. A Shared Mailbox disables the AD account. Which bit of that do you not get?
Simon.
Simon Butler, Exchange MVP
October 11th, 2011 5:42pm
See that link I posted, like maybe restricting a single PC a user can log onto (a dummy one).
Sukh
October 11th, 2011 6:28pm
Hi Sembee,
A shared mailbox has a disabled user by default, but another valid account is needed to access the email, and so I am back to my problem.
I don't want an AD account that can log on to the domain, but want a custom account for access "only" via OWA to its own mailbox! Is it possible?!?!?
I have seen Sukh838's response with the "dummy PC" trick, so I think I will try it!
Thanks.
October 12th, 2011 8:07am
I don't really think Sukh828's link was the answer. I totally agree you must have an account to login to.
Alter1974,
Two answers:
1. Create a second domain with a one-way trust. Create a Linked Mailbox account. Use the new domain for the untrusted users only. They will be able to log on to the mailbox and won't be able to log on to the secured domain. Since there are no PCs in the second domain there is nothing to log in to.
2. Create a regular account for the user and set up the mailbox. Then restrict that account so it can only log on to a single PC. That PC name should be a dummy name, a PC that doesn't exist. Exchange OWA uses a service account to actually do the accessing of the mailbox. It's like a proxy, so I'm thinking the user would still be able to log in.
David Jenkins
October 12th, 2011 9:27am
Of course make the second domain in its own forest. Otherwise it's a two-way trust and users would be able to log on to PCs.
David Jenkins
October 12th, 2011 11:03am
Hi David, Sukh828, Seembee, all :)
I have tried what Sukh828 suggested, but it does not work!
I solved it by configuring a typical user mailbox (with an AD user), adding the user to a specific group that I created previously, and configuring a group policy on the OU for this group for:
- deny log on locally
- deny remote desktop
- deny logon across network
and now it works :) The user can connect to their own mailbox only via OWA!
I hope that it will be useful to other people.
Thanks.
October 12th, 2011 11:43am
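The three settings listed in the post above correspond to the Windows user-rights constants SeDenyInteractiveLogonRight, SeDenyRemoteInteractiveLogonRight and SeDenyNetworkLogonRight. As an added example (not code from any poster in this thread), this PowerShell function checks a `secedit` security-settings export for whether a restriction group holds all three; the group name `MailboxOnlyUsers`, its SID and the sample export lines are constructed.

```powershell
# Added example, not from the thread. Group name, SID and sample lines are constructed.
$DenyRights = [ordered]@{
    SeDenyInteractiveLogonRight       = 'Deny log on locally'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
    SeDenyNetworkLogonRight           = 'Deny access to this computer from the network'
}

function Test-DenyLogonRights {
    param([string[]]$InfLines, [string]$GroupSid, [string]$GroupName)
    # secedit writes each user right as "SeXxxRight = *SID,*SID,name".
    $found = @{}
    foreach ($line in $InfLines) {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $right, $value = $Matches[1], $Matches[2]
            $found[$right] = @($value -split ',' | ForEach-Object { $_.Trim().TrimStart('*') })
        }
    }
    # One result row per deny right; a missing line means nobody is denied.
    foreach ($right in $DenyRights.Keys) {
        $holders = @($found[$right])
        [pscustomobject]@{
            Policy      = $DenyRights[$right]
            Right       = $right
            GroupDenied = ($holders -contains $GroupSid) -or ($holders -contains $GroupName)
        }
    }
}

$sid = 'S-1-5-21-1111111111-2222222222-3333333333-1601'   # constructed SID
$sample = @(
    '[Privilege Rights]'
    "SeDenyInteractiveLogonRight = *$sid"
    "SeDenyRemoteInteractiveLogonRight = *$sid,Guest"
    'SeDenyNetworkLogonRight = Guest'                      # group missing here
)
Test-DenyLogonRights -InfLines $sample -GroupSid $sid -GroupName 'MailboxOnlyUsers' |
    Format-Table -AutoSize

# Live check, from an elevated prompt on a computer the policy applies to:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Test-DenyLogonRights -InfLines (Get-Content "$env:TEMP\rights.inf") `
#       -GroupSid <group SID> -GroupName 'MailboxOnlyUsers'
```

A row with GroupDenied set to False marks a logon path that is still open to members of the group on that computer.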
Glad to hear it. There are tons of solutions out there. :)
David Jenkins
October 12th, 2011 11:47am