I have a new Exchange 2000 server setup. My problem is with permissions. Any person can open any other person's personal folder (ie. Inbox, Calendar). However, if I goto the properties of my inbox it says no permissions. Is there something that I setup incorrectly? Can anyone help?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Shaun E on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Exchange Permissions
- Thread starter PalmIdiot
- Start date
You may want to check the mailbox permissions in Active Directory. Open a user account, select the Exchange Advanced tab, select mailbox rights, and review the permissions. Make sure the Everyone group doesn't have Full Mailbox access. Maybe this is the cause?
- Thread starter
- #3
Domain users and Everyone has full access, however, those rights are being inheritied. I am checking these permissions inside my M: drive. where the MBX folder is shared and everyone and Domain users have Full control. I am assuming that is incorrect. What should the permissions be set at for that folder? Thanks for any advice you can give.
- Thread starter
- #4
- Thread starter
- #6
Your MBX folder should be shared under the Web Sharing tab if you want to use OWA. Otherwise, I don’t think it’s necessary to share it with file permissions. You will want to check the NTFS permissions on the individual mailbox folders and make sure the Everyone and Domain Users groups don’t have full access. The accounts you want to have full access are the Exchange Servers Group, any Exchange service accounts, and any backup service accounts. I still think the best way to manage mailbox permissions is through AD Users and Computers. I believe it’s designed to add the correct permissions to the correct directory folders when you make any changes under the Mailbox Rights option.
- Thread starter
- #8
Brazil01,
I am using OWA so that is why the MBX folder is shared. However that share gives FULL rights to both everyone and Domain USERS. So should I take those permissions away at the MBX level so they flow down? How would you control access inside AD?
I am using OWA so that is why the MBX folder is shared. However that share gives FULL rights to both everyone and Domain USERS. So should I take those permissions away at the MBX level so they flow down? How would you control access inside AD?
You don't have to share anything for OWA to work. Stop doing that 
The right is on the mailbox store in ESM under security. Click on a group and scroll under permissions and Send As and Receive As should be Deny only. Dan
Microsoft Exchange Support @ Microsoft
The right is on the mailbox store in ESM under security. Click on a group and scroll under permissions and Send As and Receive As should be Deny only. Dan
Microsoft Exchange Support @ Microsoft
Just to clarify- you do need to have the MBX folder shared under the Web Sharing tab in order for OWA to work correctly, but you don’t need to have any FILE sharing enabled (Sharing tab). The permissions you want to look at are the NTFS permissions under the security tab. These permissions are directly related to the mailbox rights set in Active Directory Users and Computers. To access these through AD, open Active Directory Users and Computers, select a users name and open up their properties, select the Exchange Advanced tab, select Mailbox Rights, and review the accounts/groups that have permissions. Make sure the Everyone group doesn’t have Full Mailbox Access. There may be other things going on that are affecting access rights, but this is where I’d start because it would cause the exact problem you’re having.
Hope this works out for you.
Hope this works out for you.
- Status
Similar threads
- Locked
- Helpful tip
- Locked
- Question
