Re: "Send As" Permissions
- From: "Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom>
- Date: Thu, 11 May 2006 16:45:57 -0500
I'd comment that it is unusual to have Administrators be able to Send As all
user accounts.
It certainly isn't so by default. At most, if folks in those groups really
do Send As other users (it's a huge hole if they can), then you should be
finding out from them. Like I mentioned, it won't break anything, and since
those groups by default don't even have Full Mailbox Access, you won't hurt
anything.
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Marks70" <Marks70@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ED440311-155F-44B6-824C-777E1A29F561@xxxxxxxxxxxxxxxx
Hi Ben,
Thanks, and I totally understand what you're saying. However, that is my
main concern. I don't know if I need to give those accounts that I listed
the
"Send As" permission or not, since these accounts have this capability
right
now (until I apply the patch).
"Ben Winzenz [Exchange MVP]" wrote:
Let me explain it this way.
When you set Send As/Receive As at the Mailbox Store level, this turned
into
Full Mailbox Access on the user account.
Prior to this patch, Full Mailbox Access apparently also allowed one to
send
mail as that particular user. Following application of the patch, if you
have Full Mailbox Access, and also need to Send As a particular user
(other
than your own account), you will need to grant Send As permissions on the
specific mailbox (user account properties).
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Marks70" <Marks70@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1AD69975-7CCE-4CED-936C-67C4D31A40A9@xxxxxxxxxxxxxxxx
Yes, the script indicated that those accounts had Full Mailbox Access.
I'm
not really concerned about not receiving e-mail but sending e-mail. I
just
don't know what process(es) might require these accounts to have "Send
As"
capabilities.
"Ben Winzenz [Exchange MVP]" wrote:
Did the script indicate that those groups have Full Mailbox Access?
The patch will NOT affect the ability to receive mail. It just means
that
Send As/Receive As, and Full Mailbox Access, have finally been
separated
like they should have been a while ago, and that there are different
levels
of Send As/Receive As.
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Marks70" <Marks70@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:22AE8DEB-D357-4A5D-BD38-F6728138CFED@xxxxxxxxxxxxxxxx
I'm preparing to install the newly released patch (MS06-019) for the
Exchange
vulnerability. I ran the script provided in a related Microsoft KB
article
that shows all accounts in your domain that have Full Mailbox Access
but
don't have "Send As" permissions. When I ran the script it showed
that
for
all mailboxes, the following accounts did NOT have "Send As"
permissions:
Administrator
Domain Admins
Enterprise Admins
Exchange Domain Servers
Exchange Services
I'm wondering if this is normal, or if these accounts should have
the
"Send
As" permission on all mailboxes? I'm concerned that if I install the
patch, a
lot of e-mail is going to stop working.
Thanks!
.
- References:
- Re: "Send As" Permissions
- From: Ben Winzenz [Exchange MVP]
- Re: "Send As" Permissions
- From: Ben Winzenz [Exchange MVP]
- Re: "Send As" Permissions
- From: Marks70
- Re: "Send As" Permissions
- Prev by Date: Re: strange delivery problem
- Next by Date: Re: OWA Keeps asking for username and password
- Previous by thread: Re: "Send As" Permissions
- Next by thread: Are user certs broken when used on a front end server?
- Index(es):
Relevant Pages
|
