Re: Restrict Mailbox Access - Help !!!

Authenticated Users is likely the problem. It's a built-in group
(NTAuthority\Authenticated Users). I have no idea how it got there - it
isn't usually there by default. You should be able to safely remove it - at
the very least, remove the Send As/Receive As permissions. Once you do
that, see if the problem resolves itself.

Sorry about the wrong KB - must have not copied to clipboard correctly.
Here's the right one.
http://support.microsoft.com/default.aspx?scid=kb;en-us;264733&sd=tech

--
Ben Winzenz
Exchange MVP
MessageOne


"Ant_IT_tEAM_eDUCATION_UK" <AntITtEAMeDUCATIONUK@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:7F2976C3-02D0-4F91-8022-1E8E8B1199BB@xxxxxxxxxxxxxxxx
> Hi,
>
> Thanks for the Speedy response Ben! I have had a look at the permissions
> on
> the Mailbox Store, the everyone group isn't in there, if it was being
> inherited from a higher level, i.e. Organistaion, then I'm guessing I
> would
> see the everyone group in there but not be able to modify it. This is a
> list
> of the users and groups on the Mailbox store (All have ful mailbox access)
>
> Administrator
> Administrators (Group)
> Authenticated Users (Group)
> Backup Administrator
> Daniel Crouch (Member of Admin)
> Domain Admins (Group)
> Exchange Domain Servers
> Exchange Enterprise Servers
> EXCHANGESERVER2$ (Looks like the Computer account name with a $ on the
> end?)
> Guy Wilson (Member of admin)
> SELF (Should this ber here)
>
> I am about to have a look at ADSIedit and check the permissions on the
> organisation, The article you listed on the MS Support site was for was a
> code red worm fix/removal tool, is this correct?
>
> All the best
>
> Antony
>
>
>
>
> "Ben Winzenz [Exchange MVP]" wrote:
>
>> I'd start out at the Mailbox Store level. View the permissions and see
>> which users/groups have been granted Send As/Receive As permissions on
>> the
>> Mailbox store - this equates to Full mailbox access. The permission will
>> either be inherited from a higher level, or explicitly set. If it is
>> explicit (check mark with white background, not grey), then someone
>> purposefully set those permissions. I'd check to see if the Everyone
>> group,
>> or the Domain Users group has somehow been granted that permission. If
>> it
>> has been inherited, then walk up the tree and find out where it has been
>> set. It will most likely be at the Org level. To view permissions on
>> the
>> Org, you either need to implement
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;316612, or you
>> need
>> to use ADSIEdit to view/modify that information.
>>
>> --
>> Ben Winzenz
>> Exchange MVP
>> MessageOne
>>
>>
>> "Ant_IT_tEAM_eDUCATION_UK"
>> <Ant_IT_tEAM_eDUCATION_UK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:DEC63167-E1C3-44BC-A8AB-1DBC4EB6703C@xxxxxxxxxxxxxxxx
>> > Hi Guys,
>> >
>> > I have been trying to find a way to do this for ages and ages and now
>> > my
>> > boss is on my case to get it sorted; Currently in our setup, everyone
>> > can
>> > see
>> > everyone elses mailbox, if they go to tools --> options -- Exchange
>> > profile
>> > --> Advanced and add an extra mailbox, or alternativley file open and
>> > open
>> > --> other users folder. This will work wether you are an admin or
>> > domain
>> > user. Is there a way to restrict mailbox access so that only the owner
>> > can
>> > see the mailbox and no-one else !!!
>> >
>> > I'm sure its done in systems manager --> Right click on server in admin
>> > groups and choose securtiy tabg, however doesn't seem to filter down to
>> > ad
>> > user objects. Help!
>> >
>> > Thanks in advance
>> >
>> > Antony Clifford
>> > IT SYSTEMS
>> > Education DIrect
>>
>>
>>


.

Relevant Pages

  • Re: Restrict Mailbox Access - Help !!!
    ... of the users and groups on the Mailbox store ... Exchange Enterprise Servers ... I am about to have a look at ADSIedit and check the permissions on the ... > either be inherited from a higher level, ...
    (microsoft.public.exchange.admin)
  • Re: Restrict Mailbox Access - Help !!!
    ... remove the Send As/Receive As permissions. ... >> of the users and groups on the Mailbox store ... >>> either be inherited from a higher level, ... >>> Exchange MVP ...
    (microsoft.public.exchange.admin)
  • Re: Exchange 2003 additional mailboxes in Outlook
    ... I don't know what to say other than there has to be a permissions issue on ... Mailbox Store on the 2003 server and ensured that it is set up to "Apply to ... >> Exchange MVP ...
    (microsoft.public.exchange.admin)
  • Re: Exchange 2003 - Giving a user full rights to read/write all ma
    ... I click on the security tab for the mailbox store. ... but I'll list the only permissions I have available to me in that ... see that "Allow Impersonation to Personal Exchange Information" ... Exchange mailboxes from a second server. ...
    (microsoft.public.exchange.admin)
  • Exchange 2003 - Giving a user full rights to read/write all mailbo
    ... I'm having some trouble getting some third-party calendar/contact synch ... think I have narrowed it down to an Exchange permissions issue with the user ... Exchange mailboxes from a second server. ... permissions for the Mailbox Store in System Manager). ...
    (microsoft.public.exchange.admin)