Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Search ALL Vaults

Created: 18 Sep 2007 • Updated: 06 Jul 2013 | 5 comments
This issue has been solved. See solution.
I got a request to search if a specific URL and attachment is in all the users vaults. I know the Discovery Accelerator would probebly do this but we dont use it.
 
My question is there a way I could do this without DA by creating a new SuperEV account that would have permission in all the user Vaults then use the Search.asp or Searcho2k.asp to search all the Vaults.
 
I tried to add a superEV account to the Exchange server via ESM and gave it full control, then I Sync the Exchange Mailbox task for that server but I could not see all the Vauls when using the Search.asp or Searcho2k.asp, then tried with the Folder hierarchy and permissions still no success.
 
Any idea...
Discussion Filed Under:

Comments 5 CommentsJump to latest comment

andra christie's picture
You can use the evpm script below for that (added some additional info below too)
 
[Directory]
DirectoryComputerName=enterprise vault directory server
SiteName=vault site name
[ArchivePermissions]
ArchiveName=ALL_MAILBOX
GrantAccess=read write delete, domain\username
 
Mandatory setting
ArchiveName
Mandatory. Specifies the name of the archive to which the permission settings will be applied.
If there are multiple folders with the same name and you specify a name, then Policy Manager modifies only the first one that it finds. In this case, you must use archive IDs to specify the archives.
Possible values:
The name of an archive
An archive ID
ALL (Permissions will be applied to all journal, shared, and mailbox archives in the specified Vault Site)
ALL_JOURNAL (Permissions will be applied to all journal archives)
ALL_SHARED (Permissions will be applied to all shared archives)
ALL_MAILBOX (Permissions will be applied to all mailbox archives)
Denis Methot's picture
Great!
Once we have done our search, is there a way to remove the added account from all the vaults.
 
Doing the search with Search.asp returns all the vaults that found matches seperatly, is there a way to get one list of all the items not broken down by vaults.



Message Edited by Denis Methot on 09-18-2007 07:30 PM

TonySterling's picture
You can use EVPM again and zap the permissions and then just run synch after the zap to set everything as it was. 
 

[ArchivePermissions]
ArchiveName  = ALL
Zap = true
 

Zap

Clears all permissions on the archive. If you specify Zap, GrantAccess and DenyAccess are ignored.

Possible values:

  • true
  • false (default)
Denis Methot's picture
From my testing (LAB) when I ran the ZAP it removes all manual permissions not just the one I assigned, not the desired effect if the vault has other manual permission previously set.
 
ReSynch may not be needed as the ZAP did not remove the automatic permissions in the Vault, and that's a good design not removing those permissions.
 
So with EVPM is seem I'm limited to GrantAccess, DenyAccess or ZAP. I though if I ran it without the Read-Write-Delete it would remove it but it did not.
 
So what I need to before proceeding in the LIVE is to confirm out of our 5,500 vault do we have vaults with manual permission set to them already. So I track it down to dbo.ACE for the column ACEType and I suspect when its a '1' there is a manual permission set on the Vault, but don't know what's a '0' and '2' and perhaps I'm wrong about the '1'.
 
Any idea on that...
TonySterling's picture
Denis,
I guess I didn't think about you having a bunch of manually added permissions!  Glad you tested. :)
 
In that case I would recommend using EVPM to grant the permissions, search, then you EVPM to set a deny the permission. 
 
Those that work for you?
SOLUTION