cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Temporary permissions to all archives

Go to solution
Cheryle_Weather
Level 4

‎04-06-2009 12:52 PM

Hi All,

I am working on a project which will require 3 helpdesk analysts to have read/write/delete permissions to everyone's archives.  This will only be until the project is completed.

What would be the easiest way to accomplish this?  Whenever I have used the evpm scripts to grant all, I've had to run it again to deny all.  This leaves the user in the perms list.

EV 7.5 sp1 on exchange 2007

thank you!
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Wayne_Humphrey
Level 6
Partner Accredited Certified

‎04-06-2009 02:28 PM

Just to save you diving into the docs, im feeling happy tonight so here you go:

[Directory]
directorycomputername = evdir
sitename = evsite

[ArchivePermissions]
ArchiveName = ALL_MAILBOX
DenyAccess = delete, domain\groupwhocannotdelete
GrantAccess = read write delete, domain\userwhocandelete

ArchiveName = ALL_JOURNAL
GrantAccess =  read write delete, domain\userwhocandelete

View solution in original post

0 Kudos
15 REPLIES 15

Go to solution
MichelZ
Level 6
Partner Accredited Certified

‎04-06-2009 01:22 PM

Unfortunately, I think EVPM is your best bet. The other option(s) would be: - Grant permissions in Active Directory (The then can view the Exchange Mailbox, too) - Grant permissions in the GUI (This takes a really long time) - Grant permissions via the API (Probably too complicated for most people, and requires an API license) Cheers Michel

cloudficient - EV Migration, creators of EVComplete.
0 Kudos

Go to solution
Wayne_Humphrey
Level 6
Partner Accredited Certified

‎04-06-2009 02:04 PM

"Unfortunately, I think EVPM is your best bet."

Why unfortunately? there is nothing wrong with EVPM?

GUI = lame admins :)
0 Kudos

Go to solution
Cheryle_Weather
Level 4

‎04-06-2009 02:22 PM

Ok, well EVPM is easy enough, just don't like that it leaves the user in the perms list with a "deny all".  Would rather it just be stripped away.  Oh well, wish in one hand and you-know-what in the other...

Thanks!
0 Kudos

Go to solution
MichelZ
Level 6
Partner Accredited Certified

‎04-06-2009 02:28 PM

Yes, that's why I said "unfortunately", because in the GUI you can remove the permissions completely, without denying, I think ;)

cloudficient - EV Migration, creators of EVComplete.
0 Kudos

Go to solution
Wayne_Humphrey
Level 6
Partner Accredited Certified

‎04-06-2009 02:28 PM

Just to save you diving into the docs, im feeling happy tonight so here you go:

[Directory]
directorycomputername = evdir
sitename = evsite

[ArchivePermissions]
ArchiveName = ALL_MAILBOX
DenyAccess = delete, domain\groupwhocannotdelete
GrantAccess = read write delete, domain\userwhocandelete

ArchiveName = ALL_JOURNAL
GrantAccess =  read write delete, domain\userwhocandelete

0 Kudos

Go to solution
Cheryle_Weather
Level 4

‎04-13-2009 01:42 PM

I created a group in AD hoping that this would allow me to grant/deny access based on group membership.  The script seems to be processing mailboxes, however, there is no change in the perms list even after provisioning and resynching.

Here is the script... what am I missing?  This will work if I change the ArchiveName to a single DN, but seems to have issues with "All_mailbox".

Any suggestions?

[Directory]
directorycomputername = vault.wsgr.com
sitename = wsgr

[ArchivePermissions]
ArchiveName = ALL_MAILBOX
GrantAccess = read write delete, wsgrdom\vault project

 

0 Kudos

Go to solution
Joseph_Rodgers
Level 6
Partner

‎04-13-2009 05:03 PM

Cheryle,

Just a quick check, did you Refresh your EV Admin console (highlight the "Archive" category and press F5)?  It won't reflect the changes until you do so.

-Joe
0 Kudos

Go to solution
Wayne_Humphrey
Level 6
Partner Accredited Certified

‎04-14-2009 01:36 AM

Did EVPM thow any errors?  If not then it could be AD replication or as Joe says a refresh of the MMC.
0 Kudos

Go to solution
Cheryle_Weather
Level 4

‎04-14-2009 10:30 AM

OMG... I'm an idiot!  I just needed to refresh... DOH

Thanks!
0 Kudos

Go to solution
Wayne_Humphrey
Level 6
Partner Accredited Certified

‎04-14-2009 11:23 PM

Easily forgotten :)

Please remember to mark your thread as resolved.

0 Kudos

Go to solution
Joseph_Rodgers
Level 6
Partner

‎04-15-2009 01:11 PM

Cheryle,

Don't feel too much like an idiot I drill this into every student & client I have, the MMC is a static view and when in doubt refresh and then I promptly forgot my own advice time after time!

-Joe


0 Kudos

Go to solution
MichelZ
Level 6
Partner Accredited Certified

‎04-15-2009 01:51 PM

Maybe we should file an enhancement request for an auto-refresh feature ;)

cloudficient - EV Migration, creators of EVComplete.
0 Kudos

Go to solution
Wayne_Humphrey
Level 6
Partner Accredited Certified

‎04-15-2009 02:35 PM

NO PLEASE NO! *g* could you imagine an auto refresh when you have 200,000 archives? Think about it :p
0 Kudos

Go to solution
MichelZ
Level 6
Partner Accredited Certified

‎04-15-2009 10:49 PM

Configurable that you can disable it? :D

cloudficient - EV Migration, creators of EVComplete.
0 Kudos

Go to solution
Wayne_Humphrey
Level 6
Partner Accredited Certified

‎04-15-2009 11:05 PM

You are dreaming then :)
0 Kudos