Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Permission Problems

Created: 01 Jun 2006 • Updated: 22 May 2010 | 2 comments

There is some kind of permissions problem going on in my environment where several people can see the same 6 vaults when manually archiving an item. I can not see the permissions set in either the EV admin console, AD, or on the mailboxes in Outlook.

One thing all six have in common is in the EV admin console the BUILTIN\Administrators group has Read, Write, Delete permissions that are Automatically set. When I try to remove this group I get a message that reads
"Account 'BUILTIN\Administrators' cannot be removed as it has 'Automatically set' permissions associated with it."

Any ideas how to remove the automatically set permissions or otherwise remove this group from having permissions to these 6 particular vaults?

Discussion Filed Under:

Comments 2 CommentsJump to latest comment

Jason Szeto's picture

The automatically set permissions are pulled from the mailbox permissions. Check the mailbox permissions and see if the builtin\administrators group has rights on it.

Also you can set a deny permission for the administrators group on the archive as well.

Michael Bilsborough's picture

EV has put those permissions on the archives because those accounts have access to the mailboxes.

You can do a few things

1. Remove those accounts so they don't have access to the mailboxes
2. Check to see if you have includeinheritedrights registry key set which might be causing the accounts to be granted to the archive
3. As a quick workaround add the builtin\administrator account to the archives manually but grant the DENY priv.