Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Remove mailbox folder permissions (Exchange 2010 SP1/Evault 9.0.2)

Updated: 17 Feb 2012 | 6 comments
smlopes's picture
smlopes
0 0 Votes
Login to vote
This issue has been solved. See solution.

Synchronize folder permissions mailbox policy setting is turned to "On". Folder permissions are coming over to the archive ok, however, I am now getting complaints that the users don't want to see other user's archives. I used the PermissionBrowser and verified the folder permissions exist. Is there a recursive command or script that I can use to remove mailbox folder permissions in Exchange for ALL folders instead of removing folder permissions one by one?

Discussion Filed Under:
, , ,

Comments

JesusWept2's picture
10
Jan
2012
0 Votes 0
Login to vote
JesusWept2
Trusted Advisor
Certified

http://www.symantec.com/busin

http://www.symantec.com/business/support/index?pag...

Change ArchiveName to be ALL and it will zap all user permissions
You will have to synch with folder hierarchy and permissions checked or wait for a regular archiving run to occur to get the permissions back, if you keep the folder permissions option to On the permissions will come right back, so set it to off

TonySterling's picture
10
Jan
2012
0 Votes 0
Login to vote
TonySterling
Trusted Advisor
Accredited
Certified

Wouldn't it be easier to just

Wouldn't it be easier to just turn Off the setting to Synchronize folder permissions?

You could look at the the Powershell script to remove folder permissions.

http://technet.microsoft.com/en-us/library/dd35118...

Tony Sterling
www.bluesource.net or www.bluesource.co.uk
Offices in the US and the UK

JesusWept2's picture
10
Jan
2012
0 Votes 0
Login to vote
JesusWept2
Trusted Advisor
Certified

if you turn sync permissions

if you turn sync permissions off though, it will still keep the old permissions, no?

TonySterling's picture
10
Jan
2012
0 Votes 0
Login to vote
TonySterling
Trusted Advisor
Accredited
Certified

LOL, that's true!  So you

LOL, that's true!  So you would want to zap the permissions like you said. smiley

Tony Sterling
www.bluesource.net or www.bluesource.co.uk
Offices in the US and the UK

smlopes's picture
03
Feb
2012
0 Votes 0
Login to vote
smlopes

That's the easy answer.

That's the easy answer. Doesn't complete solve my question though.

1) Does it reset everyone's permissions that already have access to other user's archive?

2) What's best practice on assigning archive permissions with the folder sync off? Does system admin now have to manually add permissions everytime someone needs access to someone's archive?

JesusWept2's picture
03
Feb
2012
0 Votes 0
Login to vote
JesusWept2
Trusted Advisor
Certified

if you do a permissions zap

if you do a permissions zap on a mailbox it will completely remove all permissions from the archive, and then when it synchronizes it will take whatever you tell it to sync, so in this case it will just sync the mailbox permissions and nothing else

If someone else needs access, you would have to assign them in the VAC and that would give them the read only for the entire archive

I suppose you could create a new provisioning group and a new policy that only synchronizes the permissions for a certain amount of users that are ok with this

SOLUTION

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,016