Re: Administrator account has "SEND AS" right on every Mailbox



Hi Freak,

Thanks for your reply. Actually, it's not about the "Send on Behalf" permission;
it's about the SEND AS permission.
We all know Administrator can change any permission in AD. In this specific
case, there are Audit Settings which will show who changed the permission,
from which computer and when. That way I can trace which administrator did that
and ask him/her what it's about.

As Administrator has SEND AS permission already, I have no way to audit who
is impersonating someone, in case it happens. That's why I need to fix it.

Can you check under the Security tab of a user account whether Administrator or a
group it belongs to has the SEND AS permission set to Allow? And under the Mailbox
store, can you do it too?

Thanks in advance.



--
Rodrigo Garcone
Network Specialist
MCSE + MCSA + MCP

talk to me at
rodrigo@xxxxxxxxxxx


"Freaky" wrote:

> Hmm, I checked the SBS servers at 2 of our customers; on both, administrator
> doesn't have Send on behalf rights if I check a user in the AD. These are
> Dutch SBS 2003 servers. The std version, not the premium (with SQL).
>
> But what are you worried about anyway? Administrator can always claim the
> right, other than that anyone can fake the address using SMTP... Unless you
> have a lot of people with the administrator password this shouldn't be very
> much of a problem I think. If there are a lot of people with the adm
> password they can always claim the rights anyhow.
>
> Rodrigo Garcone wrote:
>
> > Hi all,
> >
> > I installed a new SBS 2003 server with Exchange. The installations
> > followed the steps recommended by MS.
> > Everything is running fine. All permissions were kept as set by the
> > installation. No rights have been granted manually.
> > There is only one issue that is driving me crazy:
> > The Administrator account can send email in the name of any
> > mailbox-enabled user in my organization.
> > At the Organization Level, the Administrator has been denied both SEND AS
> > and RECEIVE AS permission. I double checked at Mailbox Store level and the
> > permission SEND AS is set through Inheritance.
> >
> > If I go to AD Users and Computers and open User's properties then Security
> > Tab, Administrator is granted SEND AS permission, though. This permission
> > is set by inheritance as this right has been granted at Domain Level,
> > probably by Exchange Installation. Even if I explicitly Deny SEND AS at
> > User object level, it does not work at all.
> > How can I remove this behavior? Does this behavior happen by design in
> > SBS 2003? I've already installed many other Exchange 2003 Std edition
> > servers and this behavior has not shown up at any time.
> >
> > I appreciate any kind of help.
> >
>
>
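
Added example, not part of the original thread: a PowerShell check for what is asked above, listing the access-control entries on a user object that cover the Send As extended right and whether each one is explicit or inherited. The function name and the distinguished name are hypothetical; it assumes a domain-joined Windows host with read access to the directory.

```powershell
# Added example. Get-SendAsAce and the DN in the usage line are hypothetical.
# GUID of the Active Directory "Send-As" control access right.
$SendAsRight = [guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'

function Get-SendAsAce {
    param([string]$DistinguishedName)

    $entry = [ADSI]"LDAP://$DistinguishedName"
    # Include both explicit and inherited ACEs; resolve trustees to DOMAIN\name.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])

    foreach ($rule in $rules) {
        # Keep only ACEs carrying the ExtendedRight bit (Full Control includes it).
        $extended = [int]$rule.ActiveDirectoryRights -band
            [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
        if ($extended -eq 0) { continue }

        # An empty ObjectType means "all extended rights", which covers Send As.
        $allRights = $rule.ObjectType -eq [guid]::Empty
        if (-not $allRights -and $rule.ObjectType -ne $SendAsRight) { continue }

        New-Object psobject -Property @{
            Trustee   = $rule.IdentityReference.Value
            Type      = $rule.AccessControlType   # Allow or Deny
            Inherited = $rule.IsInherited         # True when set on a parent container
            Scope     = if ($allRights) { 'All extended rights' } else { 'Send As' }
            Rights    = $rule.ActiveDirectoryRights
        }
    }
}

# Usage (constructed DN):
# Get-SendAsAce 'CN=Example User,OU=Staff,DC=example,DC=local' |
#     Sort-Object Inherited, Type |
#     Format-Table Trustee, Type, Inherited, Scope -AutoSize
```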