
How to remove EV permission

dineshnegi
Level 5

Getting the below error while removing a user from another user's EV account

 

 

6 REPLIES

Rob_Wilcox1
Level 6
Partner

What version of EV is this?

Is the user you're trying to remove the vault service account?

 

Typically automatically set permissions come from:

- The Vault Service Account via it being set as the account on the properties of the directory

or

- Permissions being given in Exchange/Outlook, and the policy setting selected to enable inherited permissions

Working for cloudficient.com

Arjun_Shelke
Level 6
Employee Accredited

It looks like the Account SID can't be resolved with the user name. It could be due to a DC/GC communication issue, or the user might have been deleted in AD. Auto set permissions cannot be removed from VAC >> Archive properties >> Permissions section. You can only modify or remove manually set permissions. You can try using EVPM here. I hope the account which you are trying to remove is not the VSA or owner user account.

This can be achieved by creating an EVPM script, specifying the particular details and running it against the affected archive(s).

 

    [Directory]
    DirectoryComputerName=kvsvault
    SiteName=archivesite

    [ArchivePermissions]
    ArchiveName=Mary Jones
    Zap=True

 

Notes:

   a. Modify the script above to match the particular DirectoryComputerName, SiteName and ArchiveName. 

   b. Edit the file in Notepad and save in UNICODE format, with an .ini extension. 

   c. After zapping the archive, to show the change to the archive in the Vault Admin Console (VAC), you must right-click the container (i.e. Exchange Mailbox) and refresh it.

   d. To bring in all Exchange inherited permissions, the mailbox must be synchronized.

 

Note: The [ArchivePermissions] section, introduced in Enterprise Vault 4.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but you are recommended to use [ArchivePermissions] in all new scripts.

 

Note: The "VaultName" or "ArchiveName" must be one of the following:

 

  • The name of an archive
  • An archive ID
  • ALL (permissions are applied to all journal, shared, and mailbox archives in the specified vault site)
  • ALL_JOURNAL (permissions are applied to all journal archives)
  • ALL_SHARED (permissions are applied to all shared archives)
  • ALL_MAILBOX (permissions are applied to all mailbox archives)

 

Run EVPM from \Program Files\Enterprise Vault as the Enterprise Vault Service Account. The syntax for EVPM follows:

 

EVPM [-?] [-e Exchange Server computer name ] [-m service mailbox] [-f Initialization file location and name]

 

 

Parameter   Meaning
-?          Prints usage to screen
-e          The Exchange Server computer name
-f          The initialization file location and name
-m          The name of the Enterprise Vault service mailbox

 

 

Note: If running EVPM without any parameters, it will prompt for each one.
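
The steps in the reply above (build the initialization file, save it as Unicode, run EVPM with `-f`), as an added PowerShell example that is not part of the original replies or of any vendor script. The archive values are the sample ones from the post; the Exchange server, service mailbox, file name and `EVPM.exe` path are placeholder assumptions, and the bulk-keyword and line-break guards are additions.

```powershell
# Added example. Archive values are the sample ones from the post above; the
# Exchange server, service mailbox, file name and EVPM path are placeholders.
$DirectoryComputerName = 'kvsvault'
$SiteName              = 'archivesite'
$ArchiveName           = 'Mary Jones'
$ExchangeServer        = 'EXCHANGE-SERVER-PLACEHOLDER'
$ServiceMailbox        = 'SERVICE-MAILBOX-PLACEHOLDER'
$IniPath               = Join-Path $env:TEMP 'zap-archive-permissions.ini'
$EvpmPath              = 'C:\Program Files\Enterprise Vault\EVPM.exe'  # assumed location

# Refuse the bulk keywords: with them the section applies to every matching
# archive in the site, not just the one being repaired.
$bulkKeywords = 'ALL', 'ALL_JOURNAL', 'ALL_SHARED', 'ALL_MAILBOX'
if ($bulkKeywords -contains $ArchiveName.Trim().ToUpperInvariant()) {
    throw "ArchiveName '$ArchiveName' is a bulk keyword; name a single archive."
}
# A line break in a value would inject extra keys or sections into the file.
foreach ($value in $DirectoryComputerName, $SiteName, $ArchiveName) {
    if ($value -match '[\r\n]') { throw 'Values must not contain line breaks.' }
}

$iniLines = @(
    '[Directory]'
    "DirectoryComputerName=$DirectoryComputerName"
    "SiteName=$SiteName"
    ''
    '[ArchivePermissions]'
    "ArchiveName=$ArchiveName"
    'Zap=True'
)
# -Encoding Unicode writes UTF-16 LE with a byte order mark (note b above).
$iniLines | Set-Content -LiteralPath $IniPath -Encoding Unicode

# Confirm the encoding on disk before handing the file to EVPM.
$bytes = [System.IO.File]::ReadAllBytes($IniPath)
if ($bytes.Length -lt 2 -or $bytes[0] -ne 0xFF -or $bytes[1] -ne 0xFE) {
    throw "$IniPath was not saved as UTF-16 LE with a BOM."
}

if (Test-Path -LiteralPath $EvpmPath) {
    # Run in a session started as the Enterprise Vault Service Account.
    & $EvpmPath -e $ExchangeServer -m $ServiceMailbox -f $IniPath
} else {
    Write-Warning "EVPM not found at $EvpmPath; initialization file is at $IniPath."
}
```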

Pradeep-Papnai
Level 6
Employee Accredited Certified

Agreed with Adviser, this problem comes when EV is unable to resolve the SID from the GC. Most probably the user a/c is deleted from AD.

You cannot remove automatically assigned permissions from VAC, and you need to zap the permissions by creating an EVPM script as directed by Adviser.

http://www.symantec.com/docs/TECH44818

Below is one more thread which was discussed on automatically assigned permission.

http://www.symantec.com/connect/forums/how-do-i-remove-automatically-set-permissions-enterprise-vault-exchange-archive

 

EV_Ajay
Level 6
Employee Accredited

Hi,

  • Steps to carry out on the Enterprise Vault server:

  1. Log on to the Enterprise Vault server using the EV Service Account.
  2. Apply the TechNote: How to remove all permissions from an archive using Enterprise Vault Policy Manager (EVPM) - http://www.symantec.com/docs/TECH44818.
  3. If the steps mentioned in the TechNote didn't help, then try to remove the permission using the following SQL query.
  4. Take a backup of the “EnterpriseVaultdirectory” database from SQL Server, in case anything goes wrong.
  5. Run the following SQL query:

         Use EnterpriseVaultdirectory
         Update ArchiveView
         Set AutoSecurityDesc = null where ArchiveName = 'ArchiveName'

  6. In the above example, the SQL query looks like:

         Use EnterpriseVaultdirectory
         Update ArchiveView
         Set AutoSecurityDesc = null where ArchiveName = 'ArchiveName'

  7. Refresh the Vault Admin Console and check the Permission tab of the user archive; everything will be blank.

 

EV_Ajay
Level 6
Employee Accredited

Hi,

You can also check whether the permissions that are set on the archive are automatically set or not. If they are, and those are the wrong permissions, then do the following:

Check the registry at HKEY_LOCAL_MACHINE\Software\wow6432node\KVS\Enterprise Vault\Agents and see if we have a registry key named 'IncludeInheritedRights' in that location.

 

The possible values for IncludeInheritedRights are:

  • 0 to exclude inherited permissions
  • 1 to include inherited permissions

dineshnegi
Level 5

thanks all