Solved: Search ALL Vaults

Denis_Methot · ‎09-18-2007

I got a request to search if a specific URL and attachment is in all the users vaults. I know the Discovery Accelerator would probebly do this but we dont use it.

My question is there a way I could do this without DA by creating a new SuperEV account that would have permission in all the user Vaults then use the Search.asp or Searcho2k.asp to search all the Vaults.

I tried to add a superEV account to the Exchange server via ESM and gave it full control, then I Sync the Exchange Mailbox task for that server but I could not see all the Vauls when using the Search.asp or Searcho2k.asp, then tried with the Folder hierarchy and permissions still no success.

Any idea...

TonySterling · ‎09-19-2007

Denis,

I guess I didn't think about you having a bunch of manually added permissions! Glad you tested. :)

In that case I would recommend using EVPM to grant the permissions, search, then you EVPM to set a deny the permission.

Those that work for you?

View solution in original post

andra_christie · ‎09-18-2007

You can use the evpm script below for that (added some additional info below too)

[Directory]

DirectoryComputerName=enterprise vault directory server
SiteName=vault site name

[ArchivePermissions]
ArchiveName=ALL_MAILBOX
GrantAccess=read write delete, domain\username

Mandatory setting
ArchiveName

Mandatory. Specifies the name of the archive to which the permission settings will be applied.

If there are multiple folders with the same name and you specify a name, then Policy Manager modifies only the first one that it finds. In this case, you must use archive IDs to specify the archives.

Possible values:

The name of an archive

An archive ID

ALL (Permissions will be applied to all journal, shared, and mailbox archives in the specified Vault Site)

ALL_JOURNAL (Permissions will be applied to all journal archives)

ALL_SHARED (Permissions will be applied to all shared archives)

ALL_MAILBOX (Permissions will be applied to all mailbox archives)

Denis_Methot · ‎09-18-2007

Great!

Once we have done our search, is there a way to remove the added account from all the vaults.

Doing the search with Search.asp returns all the vaults that found matches seperatly, is there a way to get one list of all the items not broken down by vaults.

Message Edited by Denis Methot on 09-18-2007 07:30 PM

TonySterling · ‎09-19-2007

You can use EVPM again and zap the permissions and then just run synch after the zap to set everything as it was.

[ArchivePermissions]
ArchiveName = ALL

Zap = true

Zap

Clears all permissions on the archive. If you specify Zap, GrantAccess and DenyAccess are ignored.

Possible values:

true
false (default)

Denis_Methot · ‎09-19-2007

From my testing (LAB) when I ran the ZAP it removes all manual permissions not just the one I assigned, not the desired effect if the vault has other manual permission previously set.

ReSynch may not be needed as the ZAP did not remove the automatic permissions in the Vault, and that's a good design not removing those permissions.

So with EVPM is seem I'm limited to GrantAccess, DenyAccess or ZAP. I though if I ran it without the Read-Write-Delete it would remove it but it did not.

So what I need to before proceeding in the LIVE is to confirm out of our 5,500 vault do we have vaults with manual permission set to them already. So I track it down to dbo.ACE for the column ACEType and I suspect when its a '1' there is a manual permission set on the Vault, but don't know what's a '0' and '2' and perhaps I'm wrong about the '1'.

Any idea on that...

TonySterling · ‎09-19-2007

Denis,

I guess I didn't think about you having a bunch of manually added permissions! Glad you tested. :)

In that case I would recommend using EVPM to grant the permissions, search, then you EVPM to set a deny the permission.

Those that work for you?

VOX

Search ALL Vaults