cancel
Showing results for 
Search instead for 
Did you mean: 

Deleting Archived Email when Prevent deletion has been enabled

Zap
Level 4
Partner

I've managed to get myself confused so rather than rant on and confuse everyone else with what I think I know I'll state the facts of my scenario and see what people suggest.

Exchange 2003, EV 8.4

All Exchange Mailbox email older than 12 months has been archived using a Retention Category that has 'Retain Items Forever' and 'Prevent deletion of archived items in this category' enabled. Site Policy does not allow user deletion and the desktop policy hides the remove from vault icon.

The original intention was that nothing should ever need to be removed. A situation has come up where PST data was imported to an incorrect mailbox. Due to privacy issues, the archived email needs to be purged from the incorrect users mailbox archive.

Given the applied rentention category and policies, what is the best way to purge the data (no export of data is required)?

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

JesusWept3
Level 6
Partner Accredited Certified
Exactly, the retention applies to the items, not the user You'd either have to change the DB changing the retention, or move the items to a different folder with a different retention or modify th existing retention Oh and a lot depends on storage, for instance if you are on a centera in compliance or governance mode, forget it
https://www.linkedin.com/in/alex-allen-turl-07370146

View solution in original post

8 REPLIES 8

JesusWept3
Level 6
Partner Accredited Certified
First thing I would do is lock down deleteo2k.asp so only the evadmin can get to that page, after that I would create a mailbox profile that has access to the users archive and then sync across the virtual vault, once it's fully synced, I would then remove the lock on the retention category and allow users to delete Go ahead through virtual vault, hard delete the items, synch the vault cache, once youve confirmed it's all been deleted, then recheck the prevent deletions and then disallow users to delete OR in a similar fashion, create a "delete now" folder and with rvpm grant it a new retention that doesn't have the prevention set, and give it a retention of zero days and then run expiry Either way you're going to have have to allow for deletions for a short while until the situation is resolved
https://www.linkedin.com/in/alex-allen-turl-07370146

Zap
Level 4
Partner

I've got a feeling this might come up again, so rather than an adhoc change to the existing retention category, could I do something a bit more permanent? For example if I created a new provisioning group, desktop policy, and retention category that show the delete icon and does not prevent deletion, would it be a simple of case of adding the user to the provisioning group and resyncing as needed?

Or will this fail because the email was archived under a different retention category originally?

JesusWept3
Level 6
Partner Accredited Certified
Exactly, the retention applies to the items, not the user You'd either have to change the DB changing the retention, or move the items to a different folder with a different retention or modify th existing retention Oh and a lot depends on storage, for instance if you are on a centera in compliance or governance mode, forget it
https://www.linkedin.com/in/alex-allen-turl-07370146

KrisG
Level 4
Partner Accredited

(EV9 on W2k8)

OK, it's similar to my situation, when I want to delete some not important emails from a fiew archives.  Those elements not expired yet. I absolutly not allowed to give any users ability to delete any elements, even for awhile, but I can prevent users from access to Vault. So how should I organize the deletion? I think I can block access from user's VLANs to Vault (e.g. on OS system firewall), then uncheck 'Prevent deletion of archived items in this category' and - as Admin (and from admin's VLAN) - delete emails from archives. Is this a good idea?

Zap
Level 4
Partner

Thanks JesusWept2! I'll follow your initial recommendation.

(sorry for the late reply, was off work for a few days)

Zap
Level 4
Partner

Hi KrisG, would it be just easier to restrict access to deleteo2k.asp and ensure the desktop policy prevents access to the delete from vault options?

KrisG
Level 4
Partner Accredited

But why I should have been sure the desktop policy prevents access to the delete from vault option, so users have blocked access to deleteo2k.asp anyway?

I don't know the role of deleteo2k.asp in deletion process. Can You clarify a little bit?

JesusWept3
Level 6
Partner Accredited Certified

deleteo2k.asp processes all the delete requests coming from outlook, owa , archive explorer, search.asp etc, but not displaying the icon and making sure that the policy is set to delete just the shortcut is the best method

Otherwise if you have people who have the button but then get errors saying the deletion failed, then it just generates complaints.

 

https://www.linkedin.com/in/alex-allen-turl-07370146