Default Group Memberships

TheMSsForum.com: The Microsoft Software Forum

A new staff member at one of our sites has just rang me to enquire whether
she really should be able to open anyone's mailbox! Apparently all she has
to do in Outlook (2002) is go to Open/Other users folder, put in the name,
and voila! she can see their mailbox!

Now why should this be? No-one has given permission to anyone else, so I'm
assuming wrong/modified Group relationships. So just what are the default
group memberships for ordinary and power users?

TIA
Norm Hughes
Top

Re: Default Group Memberships by Henry

Henry
Thu Jul 08 23:24:32 CDT 2004

What is her Group membership,
and what mailbox rights does that group have
in the AD User Properties
- Exchange Advanced
- Mailbox Rights ?

--
Henry Craven {SBS-MVP}
Melbourne Australia

"N. Hughes" <quadrantcomputerNOSPAM@hotmail.com> wrote in message
news:u99QObUZEHA.3304@TK2MSFTNGP09.phx.gbl...
> A new staff member at one of our sites has just rang me to enquire
whether
> she really should be able to open anyone's mailbox! Apparently all
she has
> to do in Outlook (2002) is go to Open/Other users folder, put in the
name,
> and voila! she can see their mailbox!
>
> Now why should this be? No-one has given permission to anyone else, so
I'm
> assuming wrong/modified Group relationships. So just what are the
default
> group memberships for ordinary and power users?
>
> TIA
> Norm Hughes
>
>


Top

Re: Default Group Memberships by N

N
Thu Jul 08 23:52:29 CDT 2004

Hi Henry
Thanks for getting back so quickly.

Yes, I think there's something wrong here!
She is member of Back Office Internet Users, Back Office Remote Operators,
Domain Users, and the local mail distribution group.
Mailbox rights - there are a combination of 9 users and groups which have
access, and all are inherited except Self.
Local Admin, Domain Admins, Enterprise Admins - denied full access,
otherwise top 4 permissions,
Exchange Domain Servers and Domain Users - full access [ouch!]
Everyone - read
Unknown entry (list of numbers) - Full Access ????
Self - read and full access
Server$ - Full access.

OK Henry - which ones do I keep/need!

TIA Norm Hughes




"Henry Craven" <IUnknown@Dot.Nyet> wrote in message
news:ekJEo2WZEHA.996@TK2MSFTNGP12.phx.gbl...
> What is her Group membership,
> and what mailbox rights does that group have
> in the AD User Properties
> - Exchange Advanced
> - Mailbox Rights ?
>
> --
> Henry Craven {SBS-MVP}
> Melbourne Australia
>
> "N. Hughes" <quadrantcomputerNOSPAM@hotmail.com> wrote in message
> news:u99QObUZEHA.3304@TK2MSFTNGP09.phx.gbl...
> > A new staff member at one of our sites has just rang me to enquire
> whether
> > she really should be able to open anyone's mailbox! Apparently all
> she has
> > to do in Outlook (2002) is go to Open/Other users folder, put in the
> name,
> > and voila! she can see their mailbox!
> >
> > Now why should this be? No-one has given permission to anyone else, so
> I'm
> > assuming wrong/modified Group relationships. So just what are the
> default
> > group memberships for ordinary and power users?
> >
> > TIA
> > Norm Hughes
> >
> >
>
>


Top

Re: Default Group Memberships by Henry

Henry
Fri Jul 09 00:46:05 CDT 2004

Someones been mucking with your list Norm.
( .....time for an Admin Password change .. :-)

These are taken from a pretty Std Site:

Membership:
Back Office Internet Users - Probably OK
Office Remote Operators - Doubt she needs this ??
Domain Users - Ok
local mail distribution group - Ok,

MailBox Rights: (a.Allow d.Deny)
Office Mail Operators - a.Read
Domain Admins - a.Delete a.Read a.Change a.TakeOwnership
d.FullAccess
Enterprise Admins - a.Delete a.Read a.Change a.TakeOwnership
d.FullAccess
Everyone - a.Read
Exchange Domain Servers - a.Delete a.Read a.Change a.TakeOwnership
a.FullAccess
<ServerName>$ - a.Delete a.Read a.Change a.TakeOwnership
a.FullAccess
Self - a.Full Access

--
Henry Craven {SBS-MVP}
Melbourne Australia


Administrator - Delete a.Read a.Change a.TakeOwnership d.FullAccess
"N. Hughes" <quadrantcomputerNOSPAM@hotmail.com> wrote in message
news:u#1SbCXZEHA.2488@tk2msftngp13.phx.gbl...
> Hi Henry
> Thanks for getting back so quickly.
>
> Yes, I think there's something wrong here!
> She is member of Back Office Internet Users, Back Office Remote
Operators,
> Domain Users, and the local mail distribution group.
> Mailbox rights - there are a combination of 9 users and groups which
have
> access, and all are inherited except Self.
> Local Admin, Domain Admins, Enterprise Admins - denied full access,
> otherwise top 4 permissions,
> Exchange Domain Servers and Domain Users - full access [ouch!]
> Everyone - read
> Unknown entry (list of numbers) - Full Access ????
> Self - read and full access
> Server$ - Full access.
>
> OK Henry - which ones do I keep/need!
>
> TIA Norm Hughes


Top

Re: Default Group Memberships by N

N
Fri Jul 09 02:37:34 CDT 2004

Thanks Again Henry.
I've duplicated your settings but I fear I've broken something else - the
boss's secretary just called me and wanted to know why she can no longer
access the boss's mailbox!!! And another user want's to make her Contacts
folder into an address book but the option is greyed out! OOPS! Can I fix
this - is there a way to restore all the security defaults?
Dang! Friday night too!

Norm Hughes

"Henry Craven" <IUnknown@Dot.Nyet> wrote in message
news:O8lt1jXZEHA.4032@TK2MSFTNGP11.phx.gbl...
> Someones been mucking with your list Norm.
> ( .....time for an Admin Password change .. :-)
>
> These are taken from a pretty Std Site:
>
> Membership:
> Back Office Internet Users - Probably OK
> Office Remote Operators - Doubt she needs this ??
> Domain Users - Ok
> local mail distribution group - Ok,
>
> MailBox Rights: (a.Allow d.Deny)
> Office Mail Operators - a.Read
> Domain Admins - a.Delete a.Read a.Change a.TakeOwnership
> d.FullAccess
> Enterprise Admins - a.Delete a.Read a.Change a.TakeOwnership
> d.FullAccess
> Everyone - a.Read
> Exchange Domain Servers - a.Delete a.Read a.Change a.TakeOwnership
> a.FullAccess
> <ServerName>$ - a.Delete a.Read a.Change a.TakeOwnership
> a.FullAccess
> Self - a.Full Access
>
> --
> Henry Craven {SBS-MVP}
> Melbourne Australia
>
>
> Administrator - Delete a.Read a.Change a.TakeOwnership d.FullAccess
> "N. Hughes" <quadrantcomputerNOSPAM@hotmail.com> wrote in message
> news:u#1SbCXZEHA.2488@tk2msftngp13.phx.gbl...
> > Hi Henry
> > Thanks for getting back so quickly.
> >
> > Yes, I think there's something wrong here!
> > She is member of Back Office Internet Users, Back Office Remote
> Operators,
> > Domain Users, and the local mail distribution group.
> > Mailbox rights - there are a combination of 9 users and groups which
> have
> > access, and all are inherited except Self.
> > Local Admin, Domain Admins, Enterprise Admins - denied full access,
> > otherwise top 4 permissions,
> > Exchange Domain Servers and Domain Users - full access [ouch!]
> > Everyone - read
> > Unknown entry (list of numbers) - Full Access ????
> > Self - read and full access
> > Server$ - Full access.
> >
> > OK Henry - which ones do I keep/need!
> >
> > TIA Norm Hughes
>
>


Top

Re: Default Group Memberships by Henry

Henry
Fri Jul 09 02:58:13 CDT 2004

You'll need to add the secretary to the Boss's profile Email Right's
and give her the access she needs, (read/write/change).
...same goes for others who need access to each other's mail.

Don't know about the Contacts > AddressBook problem though - I'd have to
research that one up.

It's 3min to Scotch O'Clock - I'm out of here.
;-)

--
Henry Craven {SBS-MVP}
Melbourne Australia


"N. Hughes" <quadrantcomputerNOSPAM@hotmail.com> wrote in message
news:etIhreYZEHA.3112@TK2MSFTNGP09.phx.gbl...
> Thanks Again Henry.
> I've duplicated your settings but I fear I've broken something else -
the
> boss's secretary just called me and wanted to know why she can no
longer
> access the boss's mailbox!!! And another user want's to make her
Contacts
> folder into an address book but the option is greyed out! OOPS! Can I
fix
> this - is there a way to restore all the security defaults?
> Dang! Friday night too!
>
> Norm Hughes


Top