01-15-2015 12:03 PM
Hi everyone,
Question for the group. This could be something I'm missing easily, but wanted some clear guidance on dealing with the issue.
So I've got users who have access to everyone's vault. When I attempt to remove their access, I am told they cannot be removed as they have "automatically set" permissions associated with it. Now I've read that I can "zap" the permissions. What I want to do is make it so everyone has access to their own vaults and no one elses. I found the EVPM.exe and a folder called EVPMScripts that has a file called GrantVSAAccess.ini in it.
[Directory]
DirectoryComputerName=Server Name
Site Name= Site
[ArchivePermissions]
ArchiveName = ALL
GrantAccess = delete read write,Service Account
I'm assuming this is where I need to go access the permissions so not everyone and their mother access to everyone's vaults. Do I need to make a new ini file and run that? How exactly do I zap these permissions and reset everyone to just have their own?
Thanks everyone!
Solved! Go to Solution.
01-15-2015 01:11 PM
You'll need to use the Exchange Management Console (ECM) and remove the permissions from the associated mailboxes. EV automatically assigns the permissions that are on the mailbox. Inherited permissions being uncheck only prevents container level permissions from being set on the archive, but any addiitonal permissions set directly on the mailbox will automatically be assigned.
01-15-2015 12:10 PM
if a permission is automatically set it means that it was inherited from Exchange so the next time sync runs, it'll be applied again.
01-15-2015 12:14 PM
Sounds like you need to uncheck sync Inherited Permissions
Article:TECH126736 | | | Created: 2010-01-18 | | | Updated: 2014-08-22 | | | Article URL http://www.symantec.com/docs/TECH126736 |
01-15-2015 12:30 PM
Tony,
Microsoft took away the "Mailbox Rights" on Active Directory on Exchange 2010, so I have no way of doing the first set of steps in this article. I did try the second part, and inherited permissions are already set to OFF.
Any other ideas?
01-15-2015 12:40 PM
What do you have set for Synchronize folder permissions?
Synchronize folder permissions (Exchange Archiving General setting)
Description
Controls whether synchronization of delegate and shared folder permissions within mailboxes are synchronized. If these are not synchronized, only mailbox owners have access to the corresponding archives. For example, this prevents delegates, from having access to mailbox archives.
Supported values
Off. Folder permissions are not synchronized.
On (default). Folder permissions are synchronized.
01-15-2015 01:06 PM
The tasks for my mailbox server have the "Mailbox Properties and Permissions" checked. I unchecked the "Mailbox Properties and Permissions" and synced it against my own account. The sync completed, but I am still showing users who have permissions against me and I can't remove them without still getting the same error.
01-15-2015 01:11 PM
You'll need to use the Exchange Management Console (ECM) and remove the permissions from the associated mailboxes. EV automatically assigns the permissions that are on the mailbox. Inherited permissions being uncheck only prevents container level permissions from being set on the archive, but any addiitonal permissions set directly on the mailbox will automatically be assigned.