01-19-2011 08:30 AM
Solved! Go to Solution.
01-20-2011 01:01 AM
Would journaling not be a better option:
As you say it is only for compliance, you might be better off using journalarchiving, and keeping that forever? This way, you can use DA to search mails if needed.
As for the permissions, as you do not deploy the client, your users cannot access the archive direct anyway. You could 'secure' the webpages called (search and archive explorer) to prevent users from accidently stumbling accross these pages.
And, as Karl says, the user will be synced automatically every time.
01-19-2011 08:52 AM
There isn't anything to stop the synchronization of user permissions to a mailbox archive.
If you manually add the same permissions (Read, Write, Delete) as a DENY this should override the automatically synchronized permissions - basically disabling end user access.
Thanks
Karl
01-19-2011 11:05 PM
Please refer the following document
http://www.symantec.com/business/support/index?page=content&id=TECH44818
01-20-2011 12:34 AM
Whilst the script will remove the permissions it doesn't stop on-going synchronization of the permissions from the archive task back to the mailbox. Therefore once performs a synchronize and archiving run the permissions will be synchronized back to the archive.
This would mean having to run the script daily for all active users (not deleted from AD).
-Karl
01-20-2011 12:50 AM
Yup KarlW thats true , synchornize the mailbox woud get the permission back.Archive permissions are automatically inherited from AD mailbox rights
These will need to be manually denied on the archive properties in order to prevent access to the archive.
01-20-2011 01:01 AM
Would journaling not be a better option:
As you say it is only for compliance, you might be better off using journalarchiving, and keeping that forever? This way, you can use DA to search mails if needed.
As for the permissions, as you do not deploy the client, your users cannot access the archive direct anyway. You could 'secure' the webpages called (search and archive explorer) to prevent users from accidently stumbling accross these pages.
And, as Karl says, the user will be synced automatically every time.
01-20-2011 07:00 AM