cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Remove mailbox folder permissions (Exchange 2010 SP1/Evault 9.0.2)

Go to solution
smlopes
Level 5

‎01-10-2012 02:06 PM

Synchronize folder permissions mailbox policy setting is turned to "On". Folder permissions are coming over to the archive ok, however, I am now getting complaints that the users don't want to see other user's archives. I used the PermissionBrowser and verified the folder permissions exist. Is there a recursive command or script that I can use to remove mailbox folder permissions in Exchange for ALL folders instead of removing folder permissions one by one?

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎02-03-2012 07:31 AM

if you do a permissions zap on a mailbox it will completely remove all permissions from the archive, and then when it synchronizes it will take whatever you tell it to sync, so in this case it will just sync the mailbox permissions and nothing else

If someone else needs access, you would have to assign them in the VAC and that would give them the read only for the entire archive

I suppose you could create a new provisioning group and a new policy that only synchronizes the permissions for a certain amount of users that are ok with this

https://www.linkedin.com/in/alex-allen-turl-07370146

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎01-10-2012 03:19 PM

http://www.symantec.com/business/support/index?page=content&id=TECH44818 Change ArchiveName to be ALL and it will zap all user permissions You will have to synch with folder hierarchy and permissions checked or wait for a regular archiving run to occur to get the permissions back, if you keep the folder permissions option to On the permissions will come right back, so set it to off
https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎01-10-2012 03:21 PM

Wouldn't it be easier to just turn Off the setting to Synchronize folder permissions?

You could look at the the Powershell script to remove folder permissions.

http://technet.microsoft.com/en-us/library/dd351181.aspx

0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎01-10-2012 06:44 PM

if you turn sync permissions off though, it will still keep the old permissions, no?

https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎01-10-2012 07:05 PM

LOL, that's true!  So you would want to zap the permissions like you said. smiley

0 Kudos

Go to solution
smlopes
Level 5

‎02-03-2012 06:08 AM

That's the easy answer. Doesn't complete solve my question though.

1) Does it reset everyone's permissions that already have access to other user's archive?

2) What's best practice on assigning archive permissions with the folder sync off? Does system admin now have to manually add permissions everytime someone needs access to someone's archive?

0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎02-03-2012 07:31 AM

if you do a permissions zap on a mailbox it will completely remove all permissions from the archive, and then when it synchronizes it will take whatever you tell it to sync, so in this case it will just sync the mailbox permissions and nothing else

If someone else needs access, you would have to assign them in the VAC and that would give them the read only for the entire archive

I suppose you could create a new provisioning group and a new policy that only synchronizes the permissions for a certain amount of users that are ok with this

https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos