ADSIEdit
-----Original Message-----
From: Jason Clishe [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 11:14 AM
To: Exchange Discussions
Subject: Exchange permissions

I've recently inherited an Exchange 2000 Organization. One of the first things that I noticed was that all Domain and Enterprise Administrators have the ability to open and read anyone's mailboxes. I've checked the ACL on our mailbox store (we only have one), and both Domain Admins and Enterprise Admins have an inherited "Allow" under Send As and Receive As. Obviously this is not the default configuration.

I've made the registry adjustment listed in Q259221 to allow me to see the security tab at the Org level. Even at the Org level, Domain and Enterprise Admins are still inheriting an allowed Send As and Receive As.

But here's something else I noticed: when I use the Delegation Wizard at the Org level to add an Exchange Full Administrator, and then check the ACL on the Org, the new administrator that I just added gets inherited allows on Send As and Receive As, but also gets explicit denies on both of those ACEs. From that point down the hierarchy, only the explicit deny is inherited.

So my question is this. At the org level, by default, are Domain Admins and Enterprise Admins set with inherited allows *and* explicit denies on Send As and Receive As? This would indicate to me that perhaps a previous administrator here simply removed the explicit deny?

If someone could check the ACL on your Exchange Org and let me know what permissions Domain Admins and Enterprise Admins have, I'd much appreciate it.

Thanks
Jason

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
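
The ACL behaviour the question turns on, as an added example that is not part of the original thread: a simplified Python model of how Windows orders and evaluates ACEs (explicit deny, explicit allow, inherited deny, inherited allow; the first matching ACE decides). The trustee names, sample ACLs and helper names are constructed for illustration, and the second ACL is the poster's hypothesis, not a confirmed default.

```python
# Simplified model of DACL evaluation for one right at a time (added example).
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    trustee: str     # group or user the ACE applies to
    kind: str        # "allow" or "deny"
    right: str       # "Send As" or "Receive As"
    inherited: bool  # True if the ACE came from a parent object

def canonical(dacl):
    """Explicit ACEs first, and deny before allow within each group."""
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))

def check(dacl, groups, right):
    """First matching ACE in canonical order decides; no match means no access."""
    for ace in canonical(dacl):
        if ace.trustee in groups and ace.right == right:
            return ace.kind == "allow"
    return False

def audit(dacl, trustees, rights=("Send As", "Receive As")):
    """Return (trustee, right) pairs that end up allowed."""
    return sorted((t, r) for t in trustees for r in rights if check(dacl, {t}, r))

RIGHTS = ("Send As", "Receive As")
ADMINS = ("Domain Admins", "Enterprise Admins")
NEW_ADMIN = "Delegated Full Admin"  # constructed name for the wizard-added account

# Constructed sample: the Org ACL as the post describes it.
ORG_AS_REPORTED = (
    [Ace(t, "allow", r, True) for t in ADMINS + (NEW_ADMIN,) for r in RIGHTS]
    + [Ace(NEW_ADMIN, "deny", r, False) for r in RIGHTS]
)
# Hypothesis from the post (not confirmed there): admins also carry explicit denies.
ORG_WITH_DENIES = ORG_AS_REPORTED + [
    Ace(t, "deny", r, False) for t in ADMINS for r in RIGHTS
]

if __name__ == "__main__":
    for name, dacl in (("as reported", ORG_AS_REPORTED),
                       ("with explicit denies", ORG_WITH_DENIES)):
        print(name, "->", audit(dacl, ADMINS + (NEW_ADMIN,)))
```
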