Forum Discussion

mayu's avatar
mayu
Level 4
13 years ago

Archive Explorer shows another users email

Hi All,

I was very surprised when I saw few other users shown in the archive explorer  when I open archive explorer through OWA

e.g I open users A archive explorer and I can access mails of users B,C,D etc.(Kindly find an attachement for more clearity)

When I try to get more information I found that, EV service account has give read write and delete permission on these users vault.

Please help me.

Thanks

  • When you open up AE, are you logged on with the evadmin credentials? Because you said you can see that the archives in the VAC show the evadmin has read/write/delete... Meaning its doing exactly what it's meant to do
  • Enterprise Vault synchronizes these changes.  The permissions can be turned off on the EV side (in the VAC) or on the Exchange server (after which you will need to wait for - or force - a synchronization of the permissions via the appropriate EV archive task).

  • It seems user who can see other user's archive through AE has permission on other user's mailbox. You can remove this permission from Exchange server side and the same will get replicated to EV.

    Note- Some permissions are not visible in Exchange side because its given through Outlook and you can use 'PermissionBrowser.exe' to find out who has permission in the folder level.

    If you are looking for a tool from Exchange side to report permission on the whole mailboxes in the production then please follow below link,

    http://gallery.technet.microsoft.com/scriptcenter/Generate-HTML-Report-for-da0f5132

     

    Hope this helps!

  • When you open up AE, are you logged on with the evadmin credentials? Because you said you can see that the archives in the VAC show the evadmin has read/write/delete... Meaning its doing exactly what it's meant to do
  • Thanks all of you

    My problem has resolved after I remove the permissions given to EV service account on these users vault and forcely synchronise permissions via archive task.

    It also clear that this is due to the rights given to the EV service account and not from exchange side

    but still I am not clear why it was showing to other users?

    I have not provide EV service account credentials at all when I open archive explorer.

     

     

  • I am not getting the point that you have removed the permission from EV side for Service account and after that all other user are not able to see the itesm! Since you have only cleared the permission of service account how that affected others?

  • Hi Ameen,

    That is one of the mystery I haven’t understand my problem had resolved but still I have not understand the reason behind that

    If I provide read write and delete permission on few users archive vault to EV service account that users vault is accessible to other users through archive explorer

    This is an expected behavior in EV?