William,
I have found there are quite a few inherited permissions, but I still can't
figure out where they come from. Here is what is on the mailbox now:
Domain\administrator - read (inherited)
domain\domain admins - delete,read,change,take ownership,full (all inherited)
domain\enterprise admins- delete,read,change,take ownership,full (all inherited)
Everyone - read (inherited)
Exchange Domain Servers - delete,read,change,take ownership,full (all inherited)
Exchange Service Account - delete,read,change,take ownership,full (all inherited)
Exchange Services - delete,read,change,take ownership,full (all inherited)
Self - Delete, full, Associated external account (not inherited)
The test user I am trying to give access to is not a member of any of the above groups
except of course everyone, but he can get access if I add him to the list with full
permissions.
When I put the test group in and give it full permissions (and of course he is a
member of that test group) it doesn't work, even after waiting and forcing an AD
replication to be sure his group membership is being evaluated.
1) Do you see anything in this ACL that would be affecting this?
2) Where the hell are all the inherited permissions coming from, I can't find a higher
level in the hierarchy to modify them (in the AD or the server manager)?
3) That Everyone - read permission makes me nervous, but it was there by default on
all mailboxes, and again I don't know where it is being inherited from to remove it. I
have checked around on a few regular user accounts and noone can access each others
mailbox so it would seem it doesn't work anyway, but it still makes me nervous.
Thanks for your help.
Brad
-----Original Message-----
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 2:27 PM
To: MS-Exchange Admin Issues
Subject: RE: Permissions In E2k
It should work for groups, too:
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q268754
Are they inheriting any other perms preventing it?
-----Original Message-----
From: Brad Metzler [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 2:01 PM
To: MS-Exchange Admin Issues
Subject: Permissions In E2k
I'm still trying to figure out exactly how permissions work in E2k, but
one behavior I have discovered is a pain the ass and I'm hoping someone
can confirm this is what is supposed to be happening.
If I open a user in the Active Directory users and computer and in
mailbox permissions give access to a particular active directory user
(full mailbox access), then that user can open the mailbox. duh.
If however I create a group (I've tried domain local and global) and
give that group full mailbox access and add a user to that group, that
user is unable to open the mailbox.
Am I to assume that you can only give mailbox rights to individual users
and not to groups? Am I'm setting the permissions in the wrong place?
Brad
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
