Re: How can I identify someone using "Send As" permissions

Tech-Archive recommends: Fix windows errors by optimizing your registry

We are using an engineering product called ProjectWise. The service account
is in the Domain Admins group (not familiar with the product, but am assuming
that was a requirement). This isn't widely used and the events I've examined
involved people that wouldn't be using the product.

We are also using a SolarWinds network\application monitoring product that I
wouldn't think would be a source for these.

Other than these apps, only domain admins have send as permissons.

Are you the "Microsoft Private MDB" and the Blackberry Enterprise Server
account entries like I'm seeing?? I have the diagnostic level set at Minimum.

"jamestechman" wrote:

Do you have any other third party apps besides BES? Is there any other
service account that has send as rights across the board? I have
enabled mine for testing I'm am not seeing any false positives, I see
serveral entries periodically but they are normal.


James Chong (MVP)
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com



On Oct 1, 3:55 pm, Midwest Muskie
<MidwestMus...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I had already created a new account to do some testing earlier. I used
another "joe member" test account to try to send as the new account. The
attempt was bounced with a "you do not have permissions..." error. I am
seeing enough of the User A sending as User B entries that I can't believe
they are all these User As are trying to send as User Bs. None of the User
As have Send As permissions to the User B accounts. I thought that they
might be generated by a User A admin assistant that was responding to meeting
requests for User B, but in the few cases I looked at User A was not
receiving User B meeting invitations. Many of the ones I looked at have a
connection, but rather than an assistant sending as a manager, they seem to
be the other way around. That is the manager is sending as the assistant.

Mike



"jamestechman" wrote:
1. Where are you checking the permissions on the accounts or Exchange
objects like the store?
2. I would start off by creating a new account (non admin) and test if
it can send as another user. Let's see if you have Sendas rights wide
open.

James Chong (MVP)
MCITP | EA | EMA; MCSE | M+, S+
Security+, Project+, ITIL
msexchangetips.blogspot.com

On Oct 1, 3:28 pm, Midwest Muskie
<MidwestMus...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks for your reply, Rich.

I am now seeing a large number of Event ID 1032 entries now. More than I
expected. A large number are sending as Microsoft Private MDB. Another
large number are sending as the Blackberry Enterprise Server account. Still
others are sending as themselves. What I am troubled by is the large number
of User A sending as User B entries. In all but a very few cases User A does
not have Send As permissions to User B's account. Nor does he have any
permissions to any of User B's folders (checked with PFDAVAdmin). What are
the other scenario(s) that might cause an Event ID 1032 to be created like
this??

Mike

"Rich Matheisen [MVP]" wrote:
On Wed, 30 Sep 2009 13:39:01 -0700, Midwest Muskie
<MidwestMus...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

A follow-up question. Am I correct in my understanding that copies of emails
sent using either "Send As" or "Sent in Behalf Of" only reside in the actual
sender's Sent Items folder? That is, the mailbox belonging to the person in
the From field has no evidence of the message having been sent?

That's correct.
---
Rich Matheisen
MCSE+I, Exchange MVP- Hide quoted text -

- Show quoted text -- Hide quoted text -

- Show quoted text -


.

Relevant Pages

  • Re: Domain groups show up as a SID
    ... I believe that is the way security ... If you logon as a member of a Domain Admins group, but the Local Admins group is ... So if the Domain Admin group has an account named Administrator and the Local ... SID's for all Permissions viewed and granted to any Domain Account. ...
    (microsoft.public.win2000.security)
  • Re: Grant Administrative Access to a Domain Controller
    ... Create an account and allow them full ... Remember that objects ALSO have explicit defined permissions. ... you did not mention the domain administrators group (not Domain Admins). ... Objects protected by the AdminSDHolder only have explicit defined permissions which are the same as the AdminSDHolder object itself. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Registry entries protected... help
    ... When I try to add modify the entry such that the "Everyone" user has ... it tells me that I can not change the permissions. ... account which may have added these entries to the registry... ...
    (microsoft.public.windowsxp.security_admin)
  • Security permissions on specific account wont take
    ... I have a particular account that I need to set permissions on, ... asisstant full mailbox access so she can monitor his mailbox in her Outlook, ... One thing I noticed is the opton on his account to inherit permissions from ... Should I remove Domain Admins from the permissions list, ...
    (microsoft.public.exchange2000.active.directory.integration)
  • Re: Incoming E-Mail - cant create contact in OU
    ... Go to the OU in security/advanced I added my sharepoint application pool ... that account a little (if the web app is compromised or something, ... Now I understand that you have given the account "full rights" of the OU, ... So I started with giving the app pool account domain admins permissions then ...
    (microsoft.public.sharepoint.windowsservices)