11-28-2008 03:25 AM
Morning all,
When opening Archive Explorer through Microsoft Outlook 2007 you are redirected and in the top left corner of the window is your name displayed which is expandable and shows you all your archived email.
Here is the problem, I have a few users that have their own name showing and working with no issues. However, they are also displaying other users archived items. So another users name is also present and expandable and they are able to view another users archived items.
Please can someone shed some light to why this is happening and how to stop this from happening?
Many thanks for your time and if you require any further information please ask.
Andy
11-28-2008 04:58 AM
Hi Andy,
When users can see more archives than their own in Archive Explorer, than this means that they also have access on the Exchange mailboxes of those users.
Security from Exchange mailboxes is synchronized towards the EV archives.
So, the 'issue' you report is in fact standard behaviour. If the specific users may not see the archives of the other users, you have to check the mailbox security on the involved Exchange mailboxes.
greetz,
Rudy
12-02-2008 08:13 AM
Hi,
sorry for the late reply.
I checked a user that has 2 archive explorer mailboxes in view and he did have access rights to that particular users mailbox. I have removed the access rights and have left this for a few days and he is still able to view that users archive explorer?
With the handful of other users they do not currently have any access rights to the mailboxes of the people they can view within their archive explorer. Further investigation has proven that at some point they used to have access rights but do not anymore.
So my question is how can eliminate the security access rights picked up by enterprise vault when they no longer have the access rights on exchange?
Thanks,
Andy
12-03-2008 11:24 AM
Hi awb123,
Can you check the particular user's archive in Admin console and see if the user(the one who can see two archives in Archive Explorer) is not granted permission on the archive ?
You can also use Permission Browser which is located in Enterprise Vault Install folder on the EV server to check permissions.
Alternative to this is denying permission on the user's archive - synchronizing mailbox and try opening Archive explorer. If you can still see the archive in archive explorer right click on righ pane in AE and refresh
12-04-2008 06:02 AM
01-06-2009 02:00 AM
I have exactly the same problem. I had to give myslef permissions to a number of Exchange mailboxes some time ago and all their vaults popped up within my AE as expected. I then removed all my permissions to their mailboxes but their vaults are still visible within AE. I don't have any permissions to their mailboxes within Exchange and the admin console and Permissions Explorer within EV don't show my account listed but their vaults still show up. I have run numerous resyncs but I can't get rid of the vaults.
01-06-2009 04:14 AM
Hello,
Make sure that when you sync, you select to sync the Folder hierarchy and permissions too! This will reset the permissions on the archive.
Then, when the sync is done, have the user seeing the additional vaults close Outlook, wait a minute, than restart Outlook. Check.
When the user still sees additional archives, close Outlook, run the evresetclient, start Outlook, check again.
Make sure that the sync has run to completion.
GJ
01-06-2009 05:09 AM
I have run the sync with the Folder permissions set but they are still there. Where do I find the EVResetclient tool?
01-06-2009 05:21 AM
Sorry - found the tool. Closed Outlook, ran the tool successfully, restarted Outlook. All the vaults are still there.
Any other ideas?
01-06-2009 01:07 PM
HI Phenian,
I am pretty sure the syncing should fix the issue. I recall having to wait a while for the actual shared vault 'disappeared', but it does happen. I'll see if I can retrieve my notes for that issue to see what I did.
GJ
01-28-2009 07:46 AM
03-09-2009 07:20 AM
Hi
Any further ideas anyone - Still having extra mailboxes appearing under archive explorer, despite having NO permission. I have sync the permission and waited and made sure there is no permission set in AD and in exchange etc. I should not be able to see other users mailbox in my archive explorer.
It seems I am havign the same issue as AWB123. Please post if you have any fix/ideas. Thanks.
Shahss
03-09-2009 06:37 PM
There has to be permission coming from somewhere as we do not make up permissions so if you are confident that there is nothing from an AD perspective then these users could have switched on outlook delegation by maybe switching on access at that level.
The easiest thing to do to confirm all access on the archive is to use the permissionbrowser.exe tool that you can find in the enterprise vault directory.
This is a GUI based tool and you can select the archive that you can see in your AE list and check out all of the ACL's etc that are on that archive.
From there you will understand what has happened.
03-10-2009 06:49 AM
found it very useful. have just used it and would see the result once sync runs.
03-12-2009 02:40 AM
is it worth 'zapping' permissions on the archive and then can at least determine if the permissions are still being synched from somewhere or if they have just been hard set somewhere.
If after 'zapping', you can no longer see them, then it was something left over from a change in the past, if the vaults re-appear then it has synched it from somewhere.
Looking into the same thing in the past, I think the following places are where the permissions are taken from:
-Outlook Mailbox permissions
-Outlook Delegates
-EV permissions applied directly from the VAC
-Exchange Mailbox Rights (if you look at the properties of the account in ADUC, click on the 'Exchange Advanced' tab, then 'Mailbox Rights'
-Sometimes permissions on the AD account (if you look at the properties of the account, 'Security' tab)
Would be interested in the resolution to this as we have a situation where all members of admin groups (enterprise admins, domain admins etc) have access to a user's vault visible via AE. - ther permissions for this user's AD account or Archive does not appear to be any different to other users.
03-12-2009 08:07 AM
observation is still on - seeing good results.
03-12-2009 08:53 AM
observation is still on - seeing good results.
what do you mean?
03-12-2009 10:12 PM
i removed inherited permissions from AD after going through the utility permissionbrowser and synced the mailboxes and found permission related alerts and warnings disappeared and also users who use to see other mailbox archives stopped.
06-18-2009 05:00 AM
06-18-2009 05:41 AM