cancel
Showing results for 
Search instead for 
Did you mean: 

Archive Explorer – Multiple Archives

San_Bangalore
Level 5

I have been getting these queries quiet sometime. Need help with this.

There is a user say X and he can see multiple mailboxes in his archive explorer. I understand that X user has access to those mailboxes that is the reason he could see those in the archive explorer. But the challenge is the mailboxes which this X user had these access they are no more associated with organization so I don’t those mailboxes in the Global Address List because it has been deleted. How do remove these permissions so that X users should see only his vault in the explorer.

6 REPLIES 6

AmolB
Moderator
Moderator
Employee Accredited Certified

Do you see deleted archives in the Vault Admin Console (VAC) ?

If you can see the archives in the VAC then simply remove User X from the access control list of the 

archives of deleted mailboxes

 

San_Bangalore
Level 5

I am checking this. Any other way through SQL ?

AmolB
Moderator
Moderator
Employee Accredited Certified

Refer to below articles.

http://www.symantec.com/docs/TECH35574

http://www.symantec.com/docs/TECH44818

EV_Ajay
Level 6
Employee Accredited

Hi San,

You need to manually remove this user from other user archives from "Permission" Tab. If you see overthere that those refelct as Automatically then you need to remove this (X) user from Exchange server delegation / from outlook where other user delegates rights to this user.

 

GabeV
Level 6
Employee Accredited

Hi,

If these permissions where applied from Exchange or Outlook, the archives would have the permissions automatically assigned from Exchange. You need to remove these permissions using an EVPM script and synchronize the permissions again from the archiving task:

How to remove all permissions from an archive using Enterprise Vault Policy Manager (EVPM)
http://www.symantec.com/docs/TECH44818

There could be circumstances where archive permissions need to be removed, a typical example is when there are permissions that should not be placed in an archive, those premissions could be added by:

- Manually set permissions on vault administration console

- Inherited Exchange permissions

In both situations there will be necessary to identify what is causing the issue, removing all permissions will help to acomplish it

Solution

This can be achieved by creating an EVPM script, specifying the particular details and running it against the affected archive(s).

[Directory]
DirectoryComputerName=kvsvault
SiteName=archivesite

[ArchivePermissions]
ArchiveName=Mary Jones
Zap=True

Notes:
   a. Modify the script above to match the particular DirectoryComputerName, SiteName and ArchiveName. 
   b. Edit the file in Notepad and save in UNICODE format, with an .ini extension. 
   c. After zapping the archive, to show the change to the archive in the Vault Admin Console (VAC), you must right click the container (IE.. Exchange Mailbox) and refresh it.
   d. To bring all Exchange inherited permissions the mailbox must be synchronized


Note: The [ArchivePermissions] section, introduced in Enterprise Vault 4.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but you are recommended to use [ArchivePermissions] in all new scripts.
 

Note: The "VaultName" or "ArchiveName" must be one of the following:
 

  • The name of an archive

  • An archive ID

  • ALL (permissions are applied to all journal, shared, and mailbox archives in the specified vault site)

  • ALL_JOURNAL (permissions are applied to all journal archives)

  • ALL_SHARED (permissions are applied to all shared archives)

  • ALL_MAILBOX (permissions are applied to all mailbox archives)


Run EVPM from \Program Files\Enterprise Vault as the Enterprise Vault Service Account. The syntax for EVPM follows:

EVPM [-?] [-e Exchange Server computer name ] [-m service mailbox] [-f Initialization file location and name]

I hope this helps.

Rob_Wilcox1
Level 6
Partner
Is anything else needed on this thread? If not then perhaps mark one or more of the threads that were most helpful as the solution.
Working for cloudficient.com