I was very surprised when I saw few other users shown in the archive explorer when I open archive explorer through OWA
e.g I open users A archive explorer and I can access mails of users B,C,D etc.(Kindly find an attachement for more clearity)
When I try to get more information I found that, EV service account has give read write and delete permission on these users vault.
Please help me.
Solved! Go to Solution.
Enterprise Vault synchronizes these changes. The permissions can be turned off on the EV side (in the VAC) or on the Exchange server (after which you will need to wait for - or force - a synchronization of the permissions via the appropriate EV archive task).
It seems user who can see other user's archive through AE has permission on other user's mailbox. You can remove this permission from Exchange server side and the same will get replicated to EV.
Note- Some permissions are not visible in Exchange side because its given through Outlook and you can use 'PermissionBrowser.exe' to find out who has permission in the folder level.
If you are looking for a tool from Exchange side to report permission on the whole mailboxes in the production then please follow below link,
Hope this helps!
Thanks all of you
My problem has resolved after I remove the permissions given to EV service account on these users vault and forcely synchronise permissions via archive task.
It also clear that this is due to the rights given to the EV service account and not from exchange side
but still I am not clear why it was showing to other users?
I have not provide EV service account credentials at all when I open archive explorer.
I am not getting the point that you have removed the permission from EV side for Service account and after that all other user are not able to see the itesm! Since you have only cleared the permission of service account how that affected others?
That is one of the mystery I haven’t understand my problem had resolved but still I have not understand the reason behind that
If I provide read write and delete permission on few users archive vault to EV service account that users vault is accessible to other users through archive explorer
This is an expected behavior in EV?