cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Archive Explorer Permissions.

Go to solution
pss53
Level 4

‎03-16-2012 03:09 AM

Hi,

We seem to be having a problem with archive explorer showing us accounts we don't have access to? We've checked the permissions in exchange and we definatly don't have permissions to some of the mailboxes we can see in Arch Explorer.

Is there anywhere in E.V. you can check these permissions or are they all replicated from exchange?

Were running, exchange 2003, e.v. 9.0

Thanks in advance...

 

Paul.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎03-17-2012 01:20 PM

Well the thing with Everyone and Anonymous is that they are on each and every single mailbox however they have absolutely no permissions, so its basically setting an automatic deny for any person, it is then individual users that are granted the access.

So here is one thing I suggest you do.
Look in Archive Explorer and see your mailbox and someone elses mailbox.
Then go to Outlook and attempt to open that users mailbox and folder and see if Exchange or Outlook lets you in, if it does, then EV is just doing what Outlook is already allowing.

But heres one thing that it could possibly be, do you use FSA at all?
I have seen sometimes people have FSA set up to archive personal shares and they see the users shared folder thats archived through EV as being as a mailbox as opposed to an FSA share etc

https://www.linkedin.com/in/alex-allen-turl-07370146

View solution in original post

0 Kudos
8 REPLIES 8

Go to solution
RahulG
Level 6
Employee

‎03-16-2012 04:40 AM

 

There has to be permission coming from somewhere as we do not make up permissions so if you are confident that there is nothing from an AD perspective then these users could have switched on outlook delegation by maybe switching on access at that level.

The easiest thing to do to confirm all access on the archive is to use the permissionbrowser.exe tool that you can find in the enterprise vault directory.

This is a GUI based tool and you can select the archive that you can see in your AE list and check out all of the ACL's etc that are on that archive.

From there you will understand what has happened.

0 Kudos

Go to solution
pss53
Level 4

‎03-16-2012 04:56 AM

Used that and it's strange as one user is still listed as having access to a specific account, although in AD he doesn't have permissions? He does say he may have done many moons ago?

Could there be something wrong with the sync on the database not taking the access away?? Is this where the permissions that permissionbrowser see's?

0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎03-16-2012 05:05 AM

Its most likely delegate permissions the user has set themselves in outlook If you want to see it, DTrace agent client broker and manually sync the user with folder hierarchy and permissions enabled
https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
RahulG
Level 6
Employee

‎03-16-2012 06:52 AM

I dont think anything would be wrong with database as such . Check the permission browser .

0 Kudos

Go to solution
pss53
Level 4

‎03-16-2012 06:52 AM

No we checked the delegated permissions also and there's nothing set ? Really really strange !!! 

0 Kudos

Go to solution
AKL
Level 6
Certified

‎03-16-2012 04:46 PM

Have you checked if "Everyone" or "Authenticated Users" have full access? Also - Have you tried to zap permission completely off archive and re-sync the mailbox account with folder permissions?

0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎03-17-2012 01:20 PM

Well the thing with Everyone and Anonymous is that they are on each and every single mailbox however they have absolutely no permissions, so its basically setting an automatic deny for any person, it is then individual users that are granted the access.

So here is one thing I suggest you do.
Look in Archive Explorer and see your mailbox and someone elses mailbox.
Then go to Outlook and attempt to open that users mailbox and folder and see if Exchange or Outlook lets you in, if it does, then EV is just doing what Outlook is already allowing.

But heres one thing that it could possibly be, do you use FSA at all?
I have seen sometimes people have FSA set up to archive personal shares and they see the users shared folder thats archived through EV as being as a mailbox as opposed to an FSA share etc

https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
Ameen
Level 6

‎03-31-2012 11:56 AM

We had similare issue and ZAPing helped us to solve the issue, follow below article to ZAP http://www.symantec.com/business/support/index?page=content&id=TECH35614

0 Kudos