cancel
Showing results for 
Search instead for 
Did you mean: 

All Public Folders showing in the Outlook and Web Search for users with no access

Davismisbehavis
Level 4

Trying to get to the bottom of a little issue here

I'm currently in the testing phase of our V8.0 rollout,  We have been archiving a root public folder that contains numerous sub folder levels.  This has been working as expected however I have noticed that when I conduct a search (outlook or web) I can see these public folders in the archive even though the user has no access to them.

Does it not sync public folder permissions in the same way as the mailboxes, i.e. I should only see what I have access to in the vault drop down.

We have a lot of public folders and what I don't want is hundreds of public folders in the drop down and then the users vault at the very bottom.

The consultant also configured it so that it shows \root level\1st sub folder if I do have to live with this in the drop down can I remove the inclusion of that 1st sub folder level?

Thanks in advance

D.Misbehavis

2 REPLIES 2

Paul_Grimshaw
Level 6
Employee Accredited Certified

we only sync perms that are on the folders so you have something somewhere that is giving these users access. Use the permissionbrowser.exe tool that will be in your enterprise vault directory and this will show you the permission information that is on the public folder archive.

Then you will be able to see why users can access these archives

Davismisbehavis
Level 4

Hi Paul

Many thanks for your help on this one.  I utilised the permissionbrowser.exe and found the following were set, (see below)

The read folder permission was being assigned through the folder visible attribute for the default and anonymous entries within the ACL.  changing it and then running the Public folder task amended it and removed them from the search drop downs

    Header:
      AceType: ACCESS_ALLOWED_ACE_TYPE
      AceFlags:
    Mask: 0x2
DV_DS_READ_FOLDER     
DV_DS_ADD_ITEM
    Sid:
      SID: S-1-5-11
      Name: Authenticated Users
      DomainName: NT AUTHORITY

    Header:
      AceType: ACCESS_ALLOWED_ACE_TYPE
      AceFlags:
    Mask: 0x2
DV_DS_READ_FOLDER     
DV_DS_ADD_ITEM
    Sid:
      SID: S-1-5-7
      Name: ANONYMOUS LOGON
      DomainName: NT AUTHORITY