Incorrect or undesired permissions applied to archives.


Article ID: 100001114


Resolution

Enterprise Vault (EV) assigns permissions to an archive based on the permissions assigned to the user's mailbox. By default, permissions that are inherited through Active Directory are not applied to the archive. When an archive has unexpected permissions, the permissions applied to the mailbox need to be verified. Any permission that is manually assigned (not inherited) will be applied to the archive.

 
  1. In Active Directory Users and Computers, open the properties of the user account in question.
  2. On the Exchange Advanced tab, click “Mailbox Rights”.
  3. On the “Permissions for (Username)” dialog, click “Advanced”.
  4. On the Advanced Security Settings page, click the column header “Name” to sort by name.
  5. Find the user that has permission to the affected archive and verify that it is not inherited under the “Inherited From” column.
     • If the user has permissions that were not inherited, they will be applied to the archive.
  6. To prevent the permission from being applied, remove the user from the list by highlighting the username and clicking “Remove”.
  7. Click “OK” three times, then close Active Directory Users and Computers.
  8. On the EV server, open the Vault Administration Console (VAC).
  9. Expand “Enterprise Vault Servers” and select “Tasks”.
  10. In the right-hand pane, right-click the archiving task for the Exchange Server that hosts the affected user's mailbox and click “Properties”.
  11. On the “Synchronization” tab, click “Selected mailboxes”, then click “Synchronize”.
  12. Type the name of the affected user in the “contains” field, and click “OK”.
  13. Select the affected user from the list, then click “OK”.
  14. When the mailbox has finished synchronizing, click “OK” to close the properties window.
  15. Expand Archives, and select “Exchange Mailbox”.
  16. Open the properties of the affected user's archive from the list on the right.
  17. Click Permissions, and verify the permissions are applied as expected.
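
The inherited-versus-explicit check in the steps above can also be run from the Exchange Management Shell, for one mailbox or for all of them. The script below is an added example, not part of the original article or of Enterprise Vault; it assumes Exchange 2007 or later (where `Get-MailboxPermission` is available), and the `-Identity` script parameter and the `$ignore` list are illustrative names.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Lists mailbox permission entries that are NOT inherited. Per the article, these
# manually assigned entries are the ones EV applies to the archive by default.
param(
    # Illustrative parameter: mailbox to check. Omit it to scan every mailbox.
    [string]$Identity
)

# Trustees expected on every mailbox and therefore not worth reporting.
# Assumption: extend this list to suit your environment.
$ignore = @('NT AUTHORITY\SELF')

if ($Identity) {
    $mailboxes = @(Get-Mailbox -Identity $Identity)
} else {
    $mailboxes = @(Get-Mailbox -ResultSize Unlimited)
}

$report = foreach ($mbx in $mailboxes) {
    Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object {
            # Keep only explicit (manually assigned) entries for non-default trustees.
            (-not $_.IsInherited) -and ($ignore -notcontains $_.User.ToString())
        } |
        Select-Object @{ Name = 'Mailbox';      Expression = { $mbx.DisplayName } },
                      @{ Name = 'Trustee';      Expression = { $_.User.ToString() } },
                      @{ Name = 'AccessRights'; Expression = { $_.AccessRights -join ', ' } },
                      @{ Name = 'Deny';         Expression = { $_.Deny } }
}

if ($report) {
    # Each row is a permission that will be carried over to the archive
    # at the next mailbox synchronization unless it is removed first.
    $report | Sort-Object Mailbox, Trustee | Format-Table -AutoSize
} else {
    Write-Output 'No explicit (non-inherited) mailbox permissions found.'
}
```

An empty result for a mailbox means any unexpected archive permission did not come from an explicit mailbox entry, so the "Inherited Permissions" policy setting is the next thing to check.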
 
Likewise, if permissions are set in AD and the desired result is to have these permissions propagated to the user archive, it will be necessary to synchronize inherited permissions. This can be controlled by the policy as follows:
 
1. In the Enterprise Vault Admin Console (VAC), expand the site container.
2. Within the Policies container, expand Exchange and locate the Mailbox policy you wish to modify.
3. Right-click the policy and select Properties. In the resulting pop-up, select the "Advanced" tab.
4. Locate the setting called "Inherited Permissions" and select Modify. Set this option to ON to allow the synchronization of AD permissions. Set this to OFF if you would like to stop synchronizing AD permissions.
5. Click OK to accept the change and close out of the mailbox policy properties.
6. The mailboxes will need to be synchronized for this change to take effect.

 

 

 

 
