Re: Send As Rights help
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Wed, 08 Aug 2007 11:26:42 GMT
Hi,
I am glad to know you found the answer. I'd like to give you the following
information for your reference:
319878 XWEB: How to Make Outlook Web Access the Default Web Site
http://support.microsoft.com/?id=319878
How to share an SMTP address space in Exchange 2000 Server or in Exchange
Server 2003
http://support.microsoft.com/kb/321721
How to configure ISA Server 2006 or ISA Server 2004 to allow for RPC over
HTTP client connections from Office Outlook 2003 to Exchange Server 2003
http://support.microsoft.com/kb/884506/en-us
Hope this helps.
If you have any questions, please don't hesitate to post in our newsgroup.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
--------------------
<From: <RealDeal1@xxxxxxxxxxxxx>
<References: <uqwhrlS2HHA.1208@xxxxxxxxxxxxxxxxxxxx>
<Subject: Re: Send As Rights help
<Date: Tue, 7 Aug 2007 13:41:40 -0700
<
<Found the answer. NVM.
<
<Q: Why can domain administrators spoof mailbox-enabled user accounts in
<their domain?
<A: Active Directory includes a base set of permissions that can be applied
<against objects in the directory. In particular, Active Directory includes
<the Send As extended permission. By default, the Administrators group, the
<Domain Admins group, the Enterprise Admins group, and the Account Operators
<group have Send As permissions for all users. The Administrators group
<permissions and the Enterprise Admins group permissions are inherited from
<the domain level. The Account Operators group and the Domain Admins group
<receive explicit permissions that are based on the definition of the user
<object that is in the Active Directory schema.
<
<You may want to consider implementing a Deny Send As ACE against
<administrators for user objects in the domain. If you decide to implement a
<Deny Send As ACE against administrators for user objects in the domain,
<consider the following:
<
< a.. An explicit Allow ACE will override an inherited Deny ACE. That means
<that explicit ACEs are applied before inherited ACEs.
<
< b.. Members of the Domain Admins group can remove the Deny ACE and add an
<explicit Allow ACE.
<
< c.. The addition of a Deny ACE may have additional consequences in your
<environment.
<
<If implementing a Deny Send As ACE against administrators for user objects
<in the domain puts your messaging environment at risk, you should implement
<one or more of the following:
<
< a.. Limit the number of domain administrators in the domain by delegating
<specific tasks. For more information, see Best Practices for Delegating
<Active Directory Administration.
<
< b.. Use auditing to monitor the account logon events for those accounts
<that are members of the Domain Admins group.
<
<
<<RealDeal1@xxxxxxxxxxxxx> wrote in message
<news:uqwhrlS2HHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
<>I think I have a bit of a problem with permissions. Should the
<>Domain\administrators group that is part of the Builtin OU have "Send As"
<>and "Receive As" rights? I want to make sure that this has not been changed
<>from default by mistake. Also, the "Send As" and "Receive As" deny rights
<>are NOT checked. Can you check your permissions on your domain and tell me
<>if this is correct?
<>
<> Thank you in advance.
<>
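The ACE-precedence caveat in the quoted answer (an explicit Allow is evaluated before an inherited Deny), modeled as an added example that is not part of the original thread or Microsoft's code. It is a simplified simulation of canonical ACE ordering for a single right; the ACL is constructed from the defaults the answer describes plus a hypothetical domain-level Deny, and all function names are illustrative.

```python
from dataclasses import dataclass

SEND_AS = "Send As"

@dataclass(frozen=True)
class Ace:
    kind: str        # "allow" or "deny"
    trustee: str     # group the ACE applies to
    right: str
    inherited: bool  # True if the ACE comes from a parent container

def canonical_order(acl):
    """Explicit Deny, explicit Allow, inherited Deny, inherited Allow."""
    return sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))

def check_access(acl, groups, right=SEND_AS):
    """Return (granted, deciding_ace); the first matching ACE decides."""
    for ace in canonical_order(acl):
        if ace.right == right and ace.trustee in groups:
            return ace.kind == "allow", ace
    return False, None  # no matching ACE means access is not granted

def allows_ahead_of_inherited_deny(acl, right=SEND_AS):
    """Audit helper: trustees with an explicit Allow that is evaluated
    before an inherited Deny for the same right on this object."""
    has_inherited_deny = any(
        a.kind == "deny" and a.inherited and a.right == right for a in acl)
    if not has_inherited_deny:
        return []
    return sorted(a.trustee for a in acl
                  if a.kind == "allow" and not a.inherited and a.right == right)

# Constructed ACL for one user object: defaults as described in the answer,
# plus a Deny Send As for Administrators applied at the domain level.
USER_ACL = [
    Ace("allow", "Administrators", SEND_AS, inherited=True),
    Ace("allow", "Enterprise Admins", SEND_AS, inherited=True),
    Ace("allow", "Domain Admins", SEND_AS, inherited=False),
    Ace("allow", "Account Operators", SEND_AS, inherited=False),
    Ace("deny", "Administrators", SEND_AS, inherited=True),
]

if __name__ == "__main__":
    for groups in ({"Administrators"}, {"Administrators", "Domain Admins"}):
        granted, ace = check_access(USER_ACL, groups)
        print(sorted(groups), "->", "granted" if granted else "denied", "by", ace)
    print("Explicit Allows not blocked by the inherited Deny:",
          allows_ahead_of_inherited_deny(USER_ACL))
```

The audit helper output is the list to review when a Deny ACE has been set on a parent container and is expected to block Send As.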