Re: Script-in SELF Permission?

Hum...
I'm not sure, and I'm not im position to confirm that at this moment but you shouldn't need the SELF security principal to do that... If the user has the correct rights for the mailbox that should do it (I think), any way you can look for dsacls
http://support.microsoft.com/kb/281146
If the Send As is being reseted sounds like these users are members of protected groups
Description and Update of the Active Directory AdminSDHolder Object
http://support.microsoft.com/?id=232199
AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?id=318180
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/kb/907434
Delegated permissions are not available and inheritance is automatically disabled
http://support.microsoft.com/?id=817433
--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

<gf@xxxxxxxx> wrote in message news:1164065338.807081.7920@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I should have noted in the original post that this is Exchange 2003 and
Windows 2003 Active Directory.

The links you provided tell me how to fix the portion that I already
have a script for. Im all set in the mailbox rights area, its the
Security Tab of the user object (Advanced Features in ADUC) that is
missing the SELF account.

Using the script Quest gave me to fix the msExchangeSecurityDescriptor
problem will allow the users to log on to their mailbox which is great,
but once they're in, they wont be able to set up delegates and things
like that. SELF needs to be in the Object's Security Tab with the
rights I listed above in order for them to be able to do those things.

To summarize, I need a script or app that will go into each user object
and add SELF with those 6 rights.

Thanks!
Greg


Jorge Silva wrote:
Hi
Is it Exch 2000?
Read MS has a script to do his on multiple users
http://support.microsoft.com/kb/830830
http://support.microsoft.com/kb/329169

--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

<gf@xxxxxxxx> wrote in message
news:1164062203.148901.13890@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hey guys..
>
> Hoping you can help out here. We migrated from NT/Ex 5.5 about a year
> ago. We are now in the process of shutting down our legacy NT domains.
> We have come across a problem while decommissioning the NT Domains:
>
> For some reason, about 1000 of our 4000 accounts do not have the SELF
> permission in the mailbox rights, or the security tab of the user
> object.
>
> Quest was nice enough to give me a vbscript that would fix the SELF
> permission in the mailbox rights area, but they dont have anything to
> add SELF to the security tab of the user.
>
> Does anyone know of an easy way to add SELF to the objects in bulk, and
> add the following:
>
> Change Password - Allow
> Send As - Allow
> Receive As - Allow
> Write Personal Information - Allow
> Write Phone and Mail Options - Allow
> Write Web Information - Allow
>
> I assume a vbscript could do it, but I dont know much about scripting,
> nor do I know the places in ADSI to modify them. I just want to avoid
> going thru 4000 accounts individually and adding them.
>
> Please help! :)
>
> Thanks
> Greg
>


.

Relevant Pages

  • Re: Script-in SELF Permission?
    ... Im all set in the mailbox rights area, ... Using the script Quest gave me to fix the msExchangeSecurityDescriptor ... I need a script or app that will go into each user object ...
    (microsoft.public.windows.server.active_directory)
  • SUMMARY WAS: OT? Philosophical Question on SA responsibilities
    ... helpful for managers interested in hiring new administrators. ... Would you go thru the 14,600 messages in root and admin ... If I was a new SA I would if encountering a security hole, ... I can see some use for the passwd -s part of the crontab script, ...
    (SunManagers)
  • Re: Clarification-Win2k Netstat sockets interpretation
    ... snip.. ... Before I could manually download every security upate and servicepack from MS.com but now...they send you a bit of Cop-code that fails to run unless ALL defences are down ... Are you sure the script from ntsvcfg is benign in addition to being useful? ... You are absolutely correct there HAL, er ah, Sebastian. ...
    (alt.computer.security)
  • [NT] Flaw in Windows Script Engine Could Allow Code Execution
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Windows Script Engine provides Windows operating systems with the ... blocked by Outlook Express 6.0 and Outlook 2002 in their default ...
    (Securiteam)
  • Re: BUG with RES/SCRIPT/XP-SP2
    ... I consider JavaScript (known to security people as JavaVirus) as one of the Really Top ... to have a bad script cause damage to my machine. ... This security feature is called the "Local Machine Zone Lockdown". ... Tags, and the CDHtmlDialog class in this forum, and got no response. ...
    (microsoft.public.vc.mfc)