Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Archive Explorer shows another users email

Created: 09 May 2012 • Updated: 12 May 2012 | 6 comments
This issue has been solved. See solution.

Hi All,

I was very surprised when I saw few other users shown in the archive explorer  when I open archive explorer through OWA

e.g I open users A archive explorer and I can access mails of users B,C,D etc.(Kindly find an attachement for more clearity)

When I try to get more information I found that, EV service account has give read write and delete permission on these users vault.

Please help me.

Thanks

Discussion Filed Under:

Comments 6 CommentsJump to latest comment

Machine's picture

Enterprise Vault synchronizes these changes.  The permissions can be turned off on the EV side (in the VAC) or on the Exchange server (after which you will need to wait for - or force - a synchronization of the permissions via the appropriate EV archive task).

Ameen's picture

It seems user who can see other user's archive through AE has permission on other user's mailbox. You can remove this permission from Exchange server side and the same will get replicated to EV.

Note- Some permissions are not visible in Exchange side because its given through Outlook and you can use 'PermissionBrowser.exe' to find out who has permission in the folder level.

If you are looking for a tool from Exchange side to report permission on the whole mailboxes in the production then please follow below link,

http://gallery.technet.microsoft.com/scriptcenter/Generate-HTML-Report-for-da0f5132

Hope this helps!

JesusWept3's picture

When you open up AE, are you logged on with the evadmin credentials? Because you said you can see that the archives in the VAC show the evadmin has read/write/delete... Meaning its doing exactly what it's meant to do

SOLUTION
mayu's picture

Thanks all of you

My problem has resolved after I remove the permissions given to EV service account on these users vault and forcely synchronise permissions via archive task.

It also clear that this is due to the rights given to the EV service account and not from exchange side

but still I am not clear why it was showing to other users?

I have not provide EV service account credentials at all when I open archive explorer.

Ameen's picture

I am not getting the point that you have removed the permission from EV side for Service account and after that all other user are not able to see the itesm! Since you have only cleared the permission of service account how that affected others?

mayu's picture

Hi Ameen,

That is one of the mystery I haven’t understand my problem had resolved but still I have not understand the reason behind that

If I provide read write and delete permission on few users archive vault to EV service account that users vault is accessible to other users through archive explorer

This is an expected behavior in EV?