10-27-2013 09:35 PM
I have been getting these queries quiet sometime. Need help with this.
There is a user say X and he can see multiple mailboxes in his archive explorer. I understand that X user has access to those mailboxes that is the reason he could see those in the archive explorer. But the challenge is the mailboxes which this X user had these access they are no more associated with organization so I don’t those mailboxes in the Global Address List because it has been deleted. How do remove these permissions so that X users should see only his vault in the explorer.
10-27-2013 09:45 PM
Do you see deleted archives in the Vault Admin Console (VAC) ?
If you can see the archives in the VAC then simply remove User X from the access control list of the
archives of deleted mailboxes
10-27-2013 09:56 PM
I am checking this. Any other way through SQL ?
10-27-2013 10:02 PM
Refer to below articles.
http://www.symantec.com/docs/TECH35574
http://www.symantec.com/docs/TECH44818
10-27-2013 11:57 PM
Hi San,
You need to manually remove this user from other user archives from "Permission" Tab. If you see overthere that those refelct as Automatically then you need to remove this (X) user from Exchange server delegation / from outlook where other user delegates rights to this user.
10-28-2013 08:34 AM
Hi,
If these permissions where applied from Exchange or Outlook, the archives would have the permissions automatically assigned from Exchange. You need to remove these permissions using an EVPM script and synchronize the permissions again from the archiving task:
How to remove all permissions from an archive using Enterprise Vault Policy Manager (EVPM)
http://www.symantec.com/docs/TECH44818
- Manually set permissions on vault administration console
- Inherited Exchange permissions
In both situations there will be necessary to identify what is causing the issue, removing all permissions will help to acomplish it
This can be achieved by creating an EVPM script, specifying the particular details and running it against the affected archive(s).
[Directory]
DirectoryComputerName=kvsvault
SiteName=archivesite
[ArchivePermissions]
ArchiveName=Mary Jones
Zap=True
Notes:
a. Modify the script above to match the particular DirectoryComputerName, SiteName and ArchiveName.
b. Edit the file in Notepad and save in UNICODE format, with an .ini extension.
c. After zapping the archive, to show the change to the archive in the Vault Admin Console (VAC), you must right click the container (IE.. Exchange Mailbox) and refresh it.
d. To bring all Exchange inherited permissions the mailbox must be synchronized
Note: The [ArchivePermissions] section, introduced in Enterprise Vault 4.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but you are recommended to use [ArchivePermissions] in all new scripts.
Note: The "VaultName" or "ArchiveName" must be one of the following:
The name of an archive
An archive ID
ALL (permissions are applied to all journal, shared, and mailbox archives in the specified vault site)
ALL_JOURNAL (permissions are applied to all journal archives)
ALL_SHARED (permissions are applied to all shared archives)
ALL_MAILBOX (permissions are applied to all mailbox archives)
Run EVPM from \Program Files\Enterprise Vault as the Enterprise Vault Service Account. The syntax for EVPM follows:
EVPM [-?] [-e Exchange Server computer name ] [-m service mailbox] [-f Initialization file location and name]
I hope this helps.
11-05-2013 06:01 AM