Forum Discussion

wbeukers's avatar
wbeukers
Level 1
11 years ago

Domain admin rights on permissions Tab Vault Archive

Dear all,

 

Since a couple of weeks we are testing Exchange 2010 in combination with Enterprise Vault 10. Everything seems to be run good, but when the domain admins go to their archive explorer they see all the maiboxen which are migrated to the 2010 environment.

The mailboxes have domain admins rights, but we don't want the domain admin as Automatically set in the permissons. How can we tackle this problem?

  • disabling inherited permissions across the board might impact the general users so the other option would be to use EVPM and apply a deny across "ALL" for the domain admins.

    How to give permissions to an archive using Enterprise Vault Policy Manager (EVPM)

    Article:TECH69114  |  Created: 2009-01-25  |  Updated: 2013-11-15  |  Article URL http://www.symantec.com/docs/TECH69114
  • Hello Wbeukers,

    This probably is a setting in the Advanced tab of the Mail-archiving policy.

    Have a look at the following settings for Archiving General:

    Include Default and Anonymous permissions - should be off.

    Inherited permissions - should be off.

    Synchronize folder permissions - should be on.

    Most likely, your domain admins group has permissions on the mailboxes in Exchange. Those permissions are automatically synced. To remove these, (as far as I know) you need to zap all archives (check the utilities guide) and strip the permissions. When done, you need to rerun provisioning, then sync all mailboxes (tick Include permissions).

    I have the same (inherited permissions on archives), I found it too much hassle to remove all permissions and resync. As far as I know you cannot selectively remove permissions for a group/account on an archive. You might be able to something in SQL, but perhaps you need to talk to support.

     

     

  • disabling inherited permissions across the board might impact the general users so the other option would be to use EVPM and apply a deny across "ALL" for the domain admins.

    How to give permissions to an archive using Enterprise Vault Policy Manager (EVPM)

    Article:TECH69114  |  Created: 2009-01-25  |  Updated: 2013-11-15  |  Article URL http://www.symantec.com/docs/TECH69114