06-27-2013 03:08 AM
Hi,
Is it possivel to prevent users to archive there itens/message to another archive (Vault)?
All user have there personal mailbox and access at least another mailbox (Group mailbox).
Up to now we only archive the group mailbox, the user only access this mailbox using OWA, now we are rolling out the outlook add'ins and enabling the personal mailbox for archive, and we found out that user are archive mail in another mailbox archive(Vault), how can we prevent this?
EnterpriseVault 9.0.3
Exchange 2010 SP1 RU 6
Exchange 2003
Outlook 2003/2010
Solved! Go to Solution.
06-27-2013 04:24 AM
Just make sure that users are not allowed to write into the group mailbox'es archives. (Make sure they don't have write permissions or explicitly DENY permissions to the users in the VAC)
06-27-2013 03:10 AM
Pretty sure that if you don't create an archive for the shared mailbox, people won't be able to archive to it... Haven't tested that in a while though.
06-27-2013 04:24 AM
Just make sure that users are not allowed to write into the group mailbox'es archives. (Make sure they don't have write permissions or explicitly DENY permissions to the users in the VAC)
06-27-2013 04:29 AM
Rob, shared mailboxes are privileged way of interacting with the outside(let´s call client), we recommend our user just to delete spam from the mailbox, everything else is to be keep, the user can delete anything from the shared mailbox archive. I really need to find way to prevent user to cross archive itens.
06-27-2013 04:40 AM
So, then, I'm confused.
What are you seeing (exactly)?
And what do you want people to be able to do, or not do?
06-27-2013 04:43 AM
As far as I understand:
Currently:
- Users have Mailbox + Groupmailbox
- Groupmailbox has been enabled for archiving
- Users are not being archived
New:
- Users get Outlook add-in
- Users are allowed to manually archive
- Users need to be prevented from archiving to the Groupmailbox
06-27-2013 05:21 AM
Sounds to me like your problem is that your users are able to archive messages from their own mailbox and the shared mailbox into their OWN archive, which the other users may not have access to. This would mean that your users encounter access denied messages when attempting to retrieve.
Either you could
1) enable full client functionality and allow the user to pick which archive they are going to archive into at the point of selecting 'archive now' (which would probably have a limited success rate) or
2) Take away the manual archive button, which may probably only recently have been made available (i dont see why you would have enabled manual archiving in a group mailbox, but hey, you might have a reason)
3) Maybe consider enabling a shortcut-less archiving strategy and implement vault cache\virtual vault + use drag and drop instead for shared mailboxes
4) Completely Ignore the security model implemented in EV and use exchange permissions instead via a reg key. I don't advise this...
You would also need to stop users from dragging shortcuts from one mailbox to another, which is something that also happens a lot with public folders
Regards,
Jeff
06-27-2013 06:04 AM
That correct.
06-27-2013 06:10 AM
Then I think my first answer still applies:
Just make sure that users are not allowed to write into the group mailbox'es archives.
This means you need to make sure users do not have write permissions to the group mailbox archive. Users normaly have this permission when they have Full Permissions on the Mailbox itself, so you would need to DENY permissions to your users/user groups on the individual group mailbox archives.
06-27-2013 06:16 AM
Jeff, the shared mailbox are not the problem because the are not mapped in outlook, but when a user try to manually archive a message, they can see all archive mailbox.
06-27-2013 06:18 AM
MichelZ, going to test this solution
06-27-2013 07:02 AM
It work. now I have do change 1300 archive.
06-27-2013 09:10 AM
Ah so you mean the POPUP of where to store the item is the problem? In 'lite/http' mode that is hidden. All mail would be stored in the user archive (their default archive)....
Regards,
Jeff
06-27-2013 04:10 PM
Yes Jeff, that correct, Our user still have outlook 2003, I see if I can use your advice.