Re: Deny account admins rights to change mailbox permissions
- From: "Ed Crowley [MVP]" <curspice@xxxxxxxxxxxxxx>
- Date: Tue, 19 Sep 2006 17:13:43 -0700
I would be very surprised if View-Only Administrator role grants the right
to change permissions on mailboxes. I suspect that your administrators are
in a group that otherwise has rights to do this. You should review the
groups that they're in and see if any have rights on the mailbox store,
server, or administrtive group.
See this link:
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3ADPerm/07316e16-0daa-4604-91e5-b0cf4ed6ac6c.mspx?mfr=true
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
"G" <gwaltman@xxxxxxx> wrote in message
news:1158704506.740164.107820@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I need to give admins the rights to add and create Exchange accounts
using the ADUC tool, but I also need to deny them the rights to go in
and change the users mailbox permissions (User Properties\Exchange
Advanced\Mailbox Rights) and gain access to their email accounts.
I have already delegated accounts admins rights to the users OU giving
them some basic rights to create users accounts. When I delegate
Exchange View only admin rights, they are allowed to create mailboxes,
but it also allows them the rights to change the security settings for
the users mailbox (User Properties\Exchange Advanced\Mailbox Rights)
and allows them to add their ID's permissions to view and read the
users mailbox. I have tried to deny the rights to change permissions
at the OU level as well as the exchange level, but this does not help.
Any help would be greatly appreciated.
Thanks,
Gary Waltman
NCU
.
- References:
- Prev by Date: Re: Cannot delete NDRs from Postmaster
- Next by Date: Re: Diagnostics Logging options all grayed out on server properties
- Previous by thread: Deny account admins rights to change mailbox permissions
- Next by thread: Re: Cannot delete NDRs from Postmaster
- Index(es):
Relevant Pages
|
