Not the permissions I'm looking for though. Jason
> -----Original Message----- > From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 4:56 PM > To: Exchange Discussions > Subject: RE: Exchange permissions > > You can see where the Exchange Org inherits some of the > permissions from. > > -----Original Message----- > From: Jason Clishe [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 4:31 PM > To: Exchange Discussions > Subject: RE: Exchange permissions > > What about it? > > If I use ADSIEdit to view the permissions at the Org, I see > the same thing that I see in ESM: Domain and Enterprise > Admins are inheriting allow rights for Send As and Receive > As. If I go up one level in ADSIEdit, to the CN=Microsoft > Exchange container and view the ACL there, the Send As and > Receive As ACE's aren't even there. > > What rights do Domain Admins and Enterprise Admins have at > the Org level in your environment? If someone can just tell > me that it would be great. > > Jason > > > -----Original Message----- > > From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 07, 2003 3:46 PM > > To: Exchange Discussions > > Subject: RE: Exchange permissions > > > > ADSIEdit > > > > > > > > -----Original Message----- > > From: Jason Clishe [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 07, 2003 11:14 AM > > To: Exchange Discussions > > Subject: Exchange permissions > > > > I've recently inherited an Exchange 2000 Organization. One of the > > first things that I noticed was that all Domain and Enterprise > > Administrators have the ability to open and read anyone's > mailboxes. > > I've checked the ACL on our mailbox store (we only have > one), and both > > Domain Admins and Enterprise Admins have an inherited "Allow" under > > Send As and Receive As. Obviously this is not the default > > configuration. > > > > I've made the registry adjustment listed in Q259221 to > allow me to see > > the security tab at the Org level. Even at the Org level, > Domain and > > Enterprise Admins are still inheriting an allowed Send As > and Receive > > As. > > > > But here's something else I noticed: when I use the > Delegation Wizard > > at the Org level to add an Exchange Full Administrator, and > then check > > the ACL on the Org, the new administrator that I just added gets > > inherited allows on Send As and Receive As, but also gets explicit > > denies on both of those ACE's. From that point down the heirarchy, > > only the explicit deny is inherited. > > > > So my question is this. At the org level, by default, are Domain > > Admins and Enterprise Admins set with inherited allows > > *and* explicit denies on Send As and Receive As? This would > indicate > > to me that perhaps a previous administrator here simply removed the > > explicit deny? > > > > If someone could check the ACL on your Exchange Org and let me know > > what permissions Domain Admins and Enterprise Admins have, I'd much > > appreciate it. > > > > Thanks > > > > Jason > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=& > > lang=english > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang=english > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]