Re: Question: What is the parent object of the Server in Exchange 2003?

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: James Burrage [MSFT] (jburrage_at_online.microsoft.com)
Date: 02/06/04 

Date: Fri, 6 Feb 2004 12:12:17 -0600

Hi,

The Administrator account inherits the Deny for Send As/Receive As from the
Organization Level. You can see this if you follow the steps in the
following Knowledge Base article to add the Security Page to all objects in
ESM.

259221 XADM: Security Tab Not Available on All Objects in System Manager
http://support.microsoft.com/?id=259221

You can then go to the properties of the Organization object in ESM and go
to the Security Tab. You will see the account listed there and this is where
the Deny is set for Send As/Receive As. 

-- 
Thanks,
James Burrage
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email to this address, post a reply to this newsgroup.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Vo" <vo243@hotmail.removeme.com> wrote in message
news:Xns94876F76295FEvo243hotmailcom@207.46.248.16...
> For some silly reason, my user account is set up to Deny "Send As" and
> "Receive As" at the server level in Exchange 2003, and it's inheriting
this
> setting from the parent object.  I don't want to remove the inheritance
and
> start making everything below go out of whack, so I'd like to find the
> parent and change the setting for my account (or actually, remove it
> entirely).
>
> What's the parent of the Server where I can do this?  Everything else in
> the heirarchy in Exchange System Manager does not have security
permissions
> set?  Where can I check this--and where is the "top" ?
>
> Thanks!
>

Relevant Pages

  • Re: Question: What is the parent object of the Server in Exchange 2003?
    ... > The Administrator account inherits the Deny for Send As/Receive As ... > from the Organization Level. ... Security Tab Not Available on All Objects in System ...
    (microsoft.public.exchange.admin)
  • Re: Need to filter domain admin from GPO
    ... But think always about the part that a deny is the highest blocking you set and if you forget that you have set a deny or you are not in and someone else have to search for errors, it will be really heavy to find it. ... It's best practice to use a 2nd administrator account as your ... Block inheritance (I would have to move the domain admin from ... particular GPO using ACL deny. ...
    (microsoft.public.windows.group_policy)
  • Re: Web Server 2003 File Sharing
    ... > I've tried removing Deny Everyone, but this doesn't seem to help. ... > Administrator account name. ... > the new administrator credentials ... >>Can anyone give me any pointers as to what Local Security Policy ...
    (microsoft.public.windows.server.general)
  • Re: Modifing Accessibilty in Limited Acccounts
    ... > The Security tab can only be accessed in Safe Mode in the ... Log in with the administrator-owner account in safe mode.. ... >> a) Login as the administrator in safe mode and see if it's present now. ... >> While in the GPO snap in look for other enabled directives which could be ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Wierd permissions on user accounts
    ... That said, as I mentioned earlier, your permissions are bad. ... *nobody* will be able to change password on the account. ... I have the following deny rules.. ...
    (microsoft.public.windows.server.active_directory)