Single mailbox manage permissions issues full access/send as

Exchange 2010 SP3 RU7
I have a weird issue with one mailbox. This user has 2 AD accounts, say "userprimary" and "usersecondary". This user was set up by another admin who is no longer here. "userprimary" is the actual mailbox account.
The user logs on to the workstation using the "usersecondary" AD credentials and manually sets up Outlook 2010 to connect to the "userprimary" mailbox. The userprimary mailbox has manage full access permissions assigned to it for the usersecondary account. The userprimary mailbox does NOT have "send as permissions" set up. When the user logs in with "usersecondary" he can access the mailbox fine but can also send email. In theory he shouldn't be able to send, as there are no send as permissions set up on the "userprimary" mailbox.
How is this happening, and what can I check to resolve this?

Userprimary account > manage full access > add usersecondary account.
Userprimary account > manage send as > nothing exists here.
Person logs on to the workstation with the usersecondary AD account.
Person configures Outlook to use the userprimary account (supplies no additional credentials).
Person launches Outlook and is able to open the userprimary account and send and receive emails.
Both AD accounts are Domain Admins.
Person doesn't need send as permissions for the usersecondary account specified under the userprimary account. The reason seems to be that in AD, Domain Admins have 'send as' and 'receive as' set for all accounts.
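
One way to check what the last reply suggests, as an added example that is not part of the original thread: list every Send-As, Receive-As and FullAccess entry on the mailbox that applies to the second account directly or through a group such as Domain Admins, and show whether each entry is inherited or a deny. `Get-EffectiveMailboxAce` is a hypothetical helper name; the cmdlets are the Exchange 2010 and ActiveDirectory module ones, and a single domain is assumed.

```powershell
# Added example, not from the original thread. Run in the Exchange Management
# Shell on Exchange 2010; the ActiveDirectory module (RSAT) is assumed to be
# installed. Get-EffectiveMailboxAce is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-EffectiveMailboxAce {
    param(
        [Parameter(Mandatory = $true)][string]$Mailbox,  # mailbox owner, e.g. userprimary
        [Parameter(Mandatory = $true)][string]$Trustee   # account being checked, e.g. usersecondary
    )

    # Principals the trustee acts as: the account itself plus every group it
    # belongs to, nested groups included (LDAP_MATCHING_RULE_IN_CHAIN).
    # Assumptions: single domain; the DN contains no characters that need LDAP
    # filter escaping; the primary group (usually Domain Users) is not returned.
    $user   = Get-ADUser -Identity $Trustee
    $filter = "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
    $names  = @($user.SamAccountName) +
              @(Get-ADGroup -LDAPFilter $filter | ForEach-Object { $_.SamAccountName })

    $mbx = Get-Mailbox -Identity $Mailbox
    $dn  = [string]$mbx.DistinguishedName

    # Send-As and Receive-As are extended rights in the ACL of the AD object.
    $adRows = @(Get-ADPermission -Identity $dn |
        Where-Object { $_.ExtendedRights -match 'Send-As|Receive-As' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Source      = 'AD object ACL'
                Principal   = [string]$_.User
                Right       = ($_.ExtendedRights | ForEach-Object { [string]$_ }) -join ','
                Deny        = $_.Deny
                IsInherited = $_.IsInherited
            }
        })

    # FullAccess is a mailbox right reported by Get-MailboxPermission.
    $mbxRows = @(Get-MailboxPermission -Identity $dn |
        Where-Object { $_.AccessRights -match 'FullAccess' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Source      = 'Mailbox ACL'
                Principal   = [string]$_.User
                Right       = 'FullAccess'
                Deny        = $_.Deny
                IsInherited = $_.IsInherited
            }
        })

    # Keep only entries whose principal (the part after DOMAIN\) is the trustee
    # or one of its groups. Deny entries are listed first so they are not missed.
    ($adRows + $mbxRows) |
        Where-Object { $names -contains ($_.Principal -split '\\')[-1] } |
        Sort-Object -Property Deny -Descending |
        Select-Object Source, Principal, Right, Deny, IsInherited
}

# Account names taken from the post above.
Get-EffectiveMailboxAce -Mailbox userprimary -Trustee usersecondary |
    Format-Table -AutoSize
```

Rows with IsInherited set to True come from a parent container rather than from an entry added on the mailbox itself.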

Similar Messages

  • Permissions Issue; can't access a partitioned part of my HDD or my iDisk

    I've been having a few issues with permissions sharing files between my MacBook and iMac, I recently reset the permissions to read/write for myself including all sub-folders on my HDD. Having done this I now cannot access a partitioned part of my HDD or my iDisk!
    When I try I get a "Folder XXX can't be opened because you don't have permission to see its contents"
    When I go to "get info" and look at the permissions they all read "custom". When I change them to read/write they go back to custom. I've tried repairing permissions in Disk Utility, booted from the installation DVD and tried the Disk Utility again, also the Reset Passwords option but still no access!
    Can anyone help?

    It would seem you've really gotten the permissions messed up. Here's a rather involved process for getting all the permissions reset for the entire HDD hierarchy.
    Startup into Single User Mode: How to Startup into Single User Mode. When startup finishes you should have a black screen with white type ending with a prompt. Enter these commands and press RETURN after each one:
    mount -uw /
    chown root:admin /
    chmod 1775 /
    reboot
    After rebooting open the Terminal application to set the following directory permissions. You can paste these lines or enter by hand, but be careful to enter them correctly.
    sudo su
    Password: [Enter your admin password when prompted.]
    chown root:admin /Applications
    chmod 0775 /Applications
    chown root:admin /Library
    chmod 1775 /Library
    chown root:admin /System
    chmod 0775 /System
    chown root:admin /Users
    chmod 0775 /Users
    chmod -R -N /Applications
    chown -R :admin /Applications/*
    chown -R `id -un`:`id -gn` ~
    Now restart the computer.

  • "The EXCH provider section is missing from the Autodiscover response." On single mailbox

    We have a single mailbox with this issue, the RCA tool returns the message:
     The EXCH provider section is missing from the Autodiscover response.
    No other mailboxes have issues with Outlook Anywhere but this one user is unable to use their mailbox from Outlook. I tried creating a fresh mailbox for this user and completely deleted the old one but this didn't seem to work. Anyone have any ideas on how I can resolve this?
    This is Exchange 2010, SP1 with all update rollups applied.

    This workstation's network connectivity is okay. And a test with any other user account information from the same station is successful. I've tried this from both a domain and non-domain station with the same results. But this test was from a domain machine.
    Also note that our internal and external URIs are identical as the CAS server is the same for both.
    Here is the full RCA output.
    Testing RPC/HTTP connectivity.
     The RPC/HTTP test failed.
     Test Steps
     ExRCA is attempting to test Autodiscover for
    [email protected].
     Autodiscover was tested successfully.
     Test Steps
     Attempting each method of contacting the Autodiscover service.
     The Autodiscover service was tested successfully.
     Test Steps
     Attempting to test potential Autodiscover URL
    https://research.osu.edu/AutoDiscover/AutoDiscover.xml
     Testing of this potential Autodiscover URL failed.
     Test Steps
     Attempting to resolve the host name research.osu.edu in DNS.
     The host name resolved successfully.
     Additional Details
     IP addresses returned: 140.254.87.75
    Testing TCP port 443 on host research.osu.edu to ensure it's listening and open.
     The specified port is either blocked, not listening, or not producing the expected response.
     Additional Details
     A network error occurred while communicating with the remote host.
    Attempting to test potential Autodiscover URL
    https://autodiscover.research.osu.edu/AutoDiscover/AutoDiscover.xml
     Testing of this potential Autodiscover URL failed.
     Test Steps
     Attempting to resolve the host name autodiscover.research.osu.edu in DNS.
     The host name couldn't be resolved.
     Additional Details
     Host autodiscover.research.osu.edu couldn't be resolved in DNS InfoDomainNonexistent.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
     The attempt to contact Autodiscover using the HTTP Redirect method failed.
     Test Steps
     Attempting to resolve the host name autodiscover.research.osu.edu in DNS.
     The host name couldn't be resolved.
     Additional Details
     Host autodiscover.research.osu.edu couldn't be resolved in DNS InfoDomainNonexistent.
    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
     ExRCA successfully contacted the Autodiscover service using the DNS SRV redirect method.
     Test Steps
     Attempting to locate SRV record _autodiscover._tcp.research.osu.edu in DNS.
     The Autodiscover SRV record was successfully retrieved from DNS.
     Additional Details
     The Service Location (SRV) record lookup returned host mail.research.osu.edu.
    Attempting to test potential Autodiscover URL
    https://mail.research.osu.edu/Autodiscover/Autodiscover.xml
     Testing of the Autodiscover URL was successful.
     Test Steps
     Attempting to resolve the host name mail.research.osu.edu in DNS.
     The host name resolved successfully.
     Additional Details
     IP addresses returned: 131.187.90.221
    Testing TCP port 443 on host mail.research.osu.edu to ensure it's listening and open.
     The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
     The certificate passed all validation requirements.
     Test Steps
     ExRCA is attempting to obtain the SSL certificate from remote server mail.research.osu.edu on port 443.
     ExRCA successfully obtained the remote SSL certificate.
     Additional Details
     Remote Certificate Subject: CN=mail.research.osu.edu, OU=Office of Research, O=The Ohio State University, STREET=154 W 12th Avenue, L=Columbus, S=OH, PostalCode=43210, C=US, Issuer: CN=InCommon Server CA, OU=InCommon, O=Internet2, C=US.
    Validating the certificate name.
     The certificate name was validated successfully.
     Additional Details
     Host name mail.research.osu.edu was found in the Certificate Subject Common name.
    Certificate trust is being validated.
     The certificate is trusted and all certificates are present in the chain.
     Test Steps
     ExRCA is attempting to build certificate chains for certificate CN=mail.research.osu.edu, OU=Office of Research, O=The Ohio State University, STREET=154 W 12th Avenue, L=Columbus, S=OH, PostalCode=43210, C=US.
     One or more certificate chains were constructed successfully.
     Additional Details
     A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
     Potential compatibility problems were identified with some versions of Windows.
     Additional Details
     ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Testing the certificate date to confirm the certificate is valid.
     Date validation passed. The certificate hasn't expired.
     Additional Details
     The certificate is valid. NotBefore = 6/23/2011 12:00:00 AM, NotAfter = 6/22/2012 11:59:59 PM
    Checking the IIS configuration for client certificate authentication.
     Client certificate authentication wasn't detected.
     Additional Details
     Accept/Require Client Certificates isn't configured.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
     ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
     Test Steps
     ExRCA is attempting to retrieve an XML Autodiscover response from URL
    https://mail.research.osu.edu/Autodiscover/Autodiscover.xml for user
    [email protected].
     The Autodiscover XML response was successfully retrieved.
     Additional Details
     Autodiscover Account Settings
    XML response:
    <?xml version="1.0"?>
    <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
    <DisplayName>Alba, Andrea</DisplayName>
    <LegacyDN>/o=Research Foundation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Alba, Andrea</LegacyDN>
    <DeploymentId>75b2e554-1712-4be1-94e6-ed12513f8395</DeploymentId>
    </User>
    <Account>
    <AccountType>email</AccountType>
    <Action>settings</Action>
    <Protocol>
    <Type>WEB</Type>
    <Port>0</Port>
    <DirectoryPort>0</DirectoryPort>
    <ReferralPort>0</ReferralPort>
    <Internal>
    <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.research.osu.edu/owa/</OWAUrl>
    </Internal>
    <External>
    <OWAUrl AuthenticationMethod="Fba">https://mail.research.osu.edu/owa/</OWAUrl>
    </External>
    </Protocol>
    </Account>
    </Response>
    </Autodiscover>
    Autodiscover settings for Outlook Anywhere are being validated.
     ExRCA wasn't able to validate Outlook Anywhere Autodiscover settings.
     Additional Details
     The EXCH provider section is missing from the Autodiscover response.
    And then a test with a different user:
    Testing RPC/HTTP connectivity.
     The RPC/HTTP test completed successfully.
     Test Steps
     ExRCA is attempting to test Autodiscover for
    [email protected].
     Autodiscover was tested successfully.
     Test Steps
     Attempting each method of contacting the Autodiscover service.
     The Autodiscover service was tested successfully.
     Test Steps
     Attempting to test potential Autodiscover URL
    https://research.osu.edu/AutoDiscover/AutoDiscover.xml
     Testing of this potential Autodiscover URL failed.
     Test Steps
     Attempting to resolve the host name research.osu.edu in DNS.
     The host name resolved successfully.
     Additional Details
     IP addresses returned: 140.254.87.75
    Testing TCP port 443 on host research.osu.edu to ensure it's listening and open.
     The specified port is either blocked, not listening, or not producing the expected response.
     Additional Details
     A network error occurred while communicating with the remote host.
    Attempting to test potential Autodiscover URL
    https://autodiscover.research.osu.edu/AutoDiscover/AutoDiscover.xml
     Testing of this potential Autodiscover URL failed.
     Test Steps
     Attempting to resolve the host name autodiscover.research.osu.edu in DNS.
     The host name couldn't be resolved.
     Additional Details
     Host autodiscover.research.osu.edu couldn't be resolved in DNS InfoDomainNonexistent.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
     The attempt to contact Autodiscover using the HTTP Redirect method failed.
     Test Steps
     Attempting to resolve the host name autodiscover.research.osu.edu in DNS.
     The host name couldn't be resolved.
     Additional Details
     Host autodiscover.research.osu.edu couldn't be resolved in DNS InfoDomainNonexistent.
    Attempting to contact the Autodiscover service using the DNS SRV redirect method.
     ExRCA successfully contacted the Autodiscover service using the DNS SRV redirect method.
     Test Steps
     Attempting to locate SRV record _autodiscover._tcp.research.osu.edu in DNS.
     The Autodiscover SRV record was successfully retrieved from DNS.
     Additional Details
     The Service Location (SRV) record lookup returned host mail.research.osu.edu.
    Attempting to test potential Autodiscover URL
    https://mail.research.osu.edu/Autodiscover/Autodiscover.xml
     Testing of the Autodiscover URL was successful.
     Test Steps
     Attempting to resolve the host name mail.research.osu.edu in DNS.
     The host name resolved successfully.
     Additional Details
     IP addresses returned: 131.187.90.221
    Testing TCP port 443 on host mail.research.osu.edu to ensure it's listening and open.
     The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
     The certificate passed all validation requirements.
     Test Steps
     ExRCA is attempting to obtain the SSL certificate from remote server mail.research.osu.edu on port 443.
     ExRCA successfully obtained the remote SSL certificate.
     Additional Details
     Remote Certificate Subject: CN=mail.research.osu.edu, OU=Office of Research, O=The Ohio State University, STREET=154 W 12th Avenue, L=Columbus, S=OH, PostalCode=43210, C=US, Issuer: CN=InCommon Server CA, OU=InCommon, O=Internet2, C=US.
    Validating the certificate name.
     The certificate name was validated successfully.
     Additional Details
     Host name mail.research.osu.edu was found in the Certificate Subject Common name.
    Certificate trust is being validated.
     The certificate is trusted and all certificates are present in the chain.
     Test Steps
     ExRCA is attempting to build certificate chains for certificate CN=mail.research.osu.edu, OU=Office of Research, O=The Ohio State University, STREET=154 W 12th Avenue, L=Columbus, S=OH, PostalCode=43210, C=US.
     One or more certificate chains were constructed successfully.
     Additional Details
     A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
     Potential compatibility problems were identified with some versions of Windows.
     Additional Details
     ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Testing the certificate date to confirm the certificate is valid.
     Date validation passed. The certificate hasn't expired.
     Additional Details
     The certificate is valid. NotBefore = 6/23/2011 12:00:00 AM, NotAfter = 6/22/2012 11:59:59 PM
    Checking the IIS configuration for client certificate authentication.
     Client certificate authentication wasn't detected.
     Additional Details
     Accept/Require Client Certificates isn't configured.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
     ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
     Test Steps
     ExRCA is attempting to retrieve an XML Autodiscover response from URL
    https://mail.research.osu.edu/Autodiscover/Autodiscover.xml for user
    [email protected].
     The Autodiscover XML response was successfully retrieved.
     Additional Details
     Autodiscover Account Settings
    XML response:
    <?xml version="1.0"?>
    <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
    <DisplayName>Bossley, Peter A</DisplayName>
    <LegacyDN>/o=Research Foundation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Bossley, Peter A</LegacyDN>
    <DeploymentId>75b2e554-1712-4be1-94e6-ed12513f8395</DeploymentId>
    </User>
    <Account>
    <AccountType>email</AccountType>
    <Action>settings</Action>
    <Protocol>
    <Type>EXCH</Type>
    <Server>MAIL.rf.ohio-state.edu</Server>
    <ServerDN>/o=Research Foundation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MAIL</ServerDN>
    <ServerVersion>738180DA</ServerVersion>
    <MdbDN>/o=Research Foundation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MAIL/cn=Microsoft Private MDB</MdbDN>
    <ASUrl>https://mail.research.osu.edu/EWS/Exchange.asmx</ASUrl>
    <OOFUrl>https://mail.research.osu.edu/EWS/Exchange.asmx</OOFUrl>
    <OABUrl>https://mail.research.osu.edu/OAB/e5ee959b-e4f0-4bd3-b254-bc2f822455f6/</OABUrl>
    <UMUrl>https://mail.research.osu.edu/EWS/UM2007Legacy.asmx</UMUrl>
    <Port>0</Port>
    <DirectoryPort>0</DirectoryPort>
    <ReferralPort>0</ReferralPort>
    <PublicFolderServer>MAIL.rf.ohio-state.edu</PublicFolderServer>
    <AD>DC3.rf.ohio-state.edu</AD>
    <EwsUrl>https://mail.research.osu.edu/EWS/Exchange.asmx</EwsUrl>
    <EcpUrl>https://mail.research.osu.edu/ecp/</EcpUrl>
    <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
    <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
    <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
    <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
    </Protocol>
    <Protocol>
    <Type>EXPR</Type>
    <Server>mail.research.osu.edu</Server>
    <ASUrl>https://mail.research.osu.edu/EWS/Exchange.asmx</ASUrl>
    <OOFUrl>https://mail.research.osu.edu/EWS/Exchange.asmx</OOFUrl>
    <OABUrl>https://mail.research.osu.edu/OAB/e5ee959b-e4f0-4bd3-b254-bc2f822455f6/</OABUrl>
    <UMUrl>https://mail.research.osu.edu/EWS/UM2007Legacy.asmx</UMUrl>
    <Port>0</Port>
    <DirectoryPort>0</DirectoryPort>
    <ReferralPort>0</ReferralPort>
    <SSL>On</SSL>
    <AuthPackage>Ntlm</AuthPackage>
    <EwsUrl>https://mail.research.osu.edu/EWS/Exchange.asmx</EwsUrl>
    <EcpUrl>https://mail.research.osu.edu/ecp/</EcpUrl>
    <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
    <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
    <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
    <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
    <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
    </Protocol>
    <Protocol>
    <Type>WEB</Type>
    <Port>0</Port>
    <DirectoryPort>0</DirectoryPort>
    <ReferralPort>0</ReferralPort>
    <Internal>
    <OWAUrl AuthenticationMethod="Basic, Fba">https://mail.research.osu.edu/owa/</OWAUrl>
    <Protocol>
    <Type>EXCH</Type>
    <ASUrl>https://mail.research.osu.edu/EWS/Exchange.asmx</ASUrl>
    </Protocol>
    </Internal>
    <External>
    <OWAUrl AuthenticationMethod="Fba">https://mail.research.osu.edu/owa/</OWAUrl>
    <Protocol>
    <Type>EXPR</Type>
    <ASUrl>https://mail.research.osu.edu/EWS/Exchange.asmx</ASUrl>
    </Protocol>
    </External>
    </Protocol>
    </Account>
    </Response>
    </Autodiscover>
    Autodiscover settings for Outlook Anywhere are being validated.
     ExRCA validated the Outlook Anywhere Autodiscover settings.
    Attempting to resolve the host name mail.research.osu.edu in DNS.
     The host name resolved successfully.
     Additional Details
     IP addresses returned: 131.187.90.221
    Testing TCP port 443 on host mail.research.osu.edu to ensure it's listening and open.
     The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
     The certificate passed all validation requirements.
     Test Steps
     ExRCA is attempting to obtain the SSL certificate from remote server mail.research.osu.edu on port 443.
     ExRCA successfully obtained the remote SSL certificate.
     Additional Details
     Remote Certificate Subject: CN=mail.research.osu.edu, OU=Office of Research, O=The Ohio State University, STREET=154 W 12th Avenue, L=Columbus, S=OH, PostalCode=43210, C=US, Issuer: CN=InCommon Server CA, OU=InCommon, O=Internet2, C=US.
    Validating the certificate name.
     The certificate name was validated successfully.
     Additional Details
     Host name mail.research.osu.edu was found in the Certificate Subject Common name.
    Certificate trust is being validated.
     The certificate is trusted and all certificates are present in the chain.
     Test Steps
     ExRCA is attempting to build certificate chains for certificate CN=mail.research.osu.edu, OU=Office of Research, O=The Ohio State University, STREET=154 W 12th Avenue, L=Columbus, S=OH, PostalCode=43210, C=US.
     One or more certificate chains were constructed successfully.
     Additional Details
     A total of 1 chains were built. The highest quality chain ends in root certificate CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
     Potential compatibility problems were identified with some versions of Windows.
     Additional Details
     ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Testing the certificate date to confirm the certificate is valid.
     Date validation passed. The certificate hasn't expired.
     Additional Details
     The certificate is valid. NotBefore = 6/23/2011 12:00:00 AM, NotAfter = 6/22/2012 11:59:59 PM
    Checking the IIS configuration for client certificate authentication.
     Client certificate authentication wasn't detected.
     Additional Details
     Accept/Require Client Certificates isn't configured.
    Testing HTTP Authentication Methods for URL
    https://mail.research.osu.edu/rpc/rpcproxy.dll.
     The HTTP authentication methods are correct.
     Additional Details
     ExRCA found all expected authentication methods and no disallowed methods. Methods found: Negotiate, NTLM
    Testing SSL mutual authentication with the RPC proxy server.
     Mutual authentication was verified successfully.
     Additional Details
     Certificate common name mail.research.osu.edu matches msstd:mail.research.osu.edu.
    Attempting to ping RPC proxy mail.research.osu.edu.
     RPC Proxy was pinged successfully.
     Additional Details
     Completed with HTTP status 200 - OK
    Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server MAIL.rf.ohio-state.edu.
     The endpoint was pinged successfully.
     Additional Details
     RPC Status Ok (0) returned in 546 ms.
    Testing the Name Service Provider Interface (NSPI) on the Exchange Mailbox server.
     The NSPI interface was tested successfully.
     Test Steps
     Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server MAIL.rf.ohio-state.edu.
     The endpoint was pinged successfully.
     Additional Details
     RPC Status Ok (0) returned in 483 ms.
    Testing NSPI "Check Name" for user
    [email protected] against server MAIL.rf.ohio-state.edu.
     Check Name succeeded.
     Additional Details
     DisplayName: Bossley, Peter A, LegDN: /o=Research Foundation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Bossley, Peter A
    Testing the Referral service on the Exchange Mailbox server.
     The Referral service was tested successfully.
     Test Steps
     Attempting to ping RPC endpoint 6002 (Referral Interface) on server MAIL.rf.ohio-state.edu.
     The endpoint was pinged successfully.
     Additional Details
     RPC Status Ok (0) returned in 492 ms.
    Attempting to perform referral for user /o=Research Foundation/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Bossley, Peter A on server MAIL.rf.ohio-state.edu.
     ExRCA successfully got the referral.
     Additional Details
     The server returned by the Referral service: MAIL.rf.ohio-state.edu
    Testing the Exchange Information Store on the Mailbox server.
     ExRCA successfully tested the Information Store.
     Test Steps
     Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server MAIL.rf.ohio-state.edu.
     The endpoint was pinged successfully.
     Additional Details
     RPC Status Ok (0) returned in 15 ms.
    Attempting to log on to the Exchange Information Store.
     ExRCA successfully logged on to the Information Store.
    Any other ideas?
    thanks!

  • Manage full access and send as permission in Exchange 2007

    Hi,
    I am trying to delegate to the helpdesk the permission in EMC to manage Full Access and Send As permissions.
    I ran the PS command
    Add-ADPermission -Identity "CN=Exchange Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local" -User "domain\ADGroupDelegation" -ExtendedRights ms-Exch-Store-Admin -InheritanceType All
    Now the helpdesk techs can manage Full Access permission in EMC, but still do not have access to manage Send As permission.
    Thanks for your help !
    MA
    M.A.

    Hi,
    The issue may be related to Active Directory replication latency. The Send As permission is not granted until after replication has occurred. Replication times depend on your Microsoft Exchange and network configuration. To grant the permission immediately, stop and then restart the Microsoft Exchange Information Store service. You can restart the Microsoft Exchange Information Store service to check the result.
    Here is a related article for your reference.
    How to: Send As permissions and how long it takes for them to apply
    http://blogs.technet.com/b/pakaloge/archive/2009/08/21/send-as-permissions-are-not-enforced-immediately.aspx
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support

  • Which AD Attributes are used to store Send-As, Full-Access permissions and Calendar permissions?

    Hello All,
    Please, could someone tell me which AD attributes are used to store Send-As, Full-Access permissions and Calendar permissions?
    Regards
    José Osorio

    Hi Jose,
    Based on my test, the value of the attribute msExchDelegateListLink points to Full Access permission while publicDelegates indicates Send on behalf permission.
    As for Send as permission, it is the permission in the Access Control List which is a list of permissions attached to an object. Just like:
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Exchange 2010 Unable to Assign Full Access Permissions using a Security Group

    I've been running into this issue lately. I cannot seem to use groups to allow full access to mailboxes. When I add them from the EMC, it will show up when you go to "Manage Full Access Permission...". After waiting a day and even restarting the Information Store service, the permissions do not take effect. When I view the msExchDelegateListLink attribute of the mailbox account, the group is not listed.
    When I grant a user full permission, it works and updates the attribute. However, on occasion when I revoke the full access permission for a user it doesn't always remove that user from the msExchDelegateListLink attribute. So the mailbox will still appear in Outlook, but the user isn't able to see new emails.
    Any ideas on what may be going wrong?
    Environment:
    Exchange Server 2010 SP1 Standard
    Windows Server 2008 R2 Standard
    Outlook 2010 SP1 (tried without SP1 as well)
    I was looking over Add-MailboxPermission on Technet (http://technet.microsoft.com/en-us/library/bb124097.aspx) and I noticed that it doesn't mention adding groups.  Is this not possible?

    I never got a proper fix.
    I worked around it by creating a script which gets the members of an AD Mail Enabled security group, and updates the full access based on the groups members.
    Here's a script I'm running every hour which updates permissions. It's probably not the most efficient script ever, but it works. It has several benefits
    1. Managers of the distribution group can add/remove mailbox members using OWA or through the address list
    2. New members of groups are added to FULL Access Permissions
    3. Members removed from the groups are removed from FULL access permissions
    4. Automapping works :)
    5. Maintains a log of access added / removed / time taken etc.
    Obviously I have had to remove domain related information, replace with whatever your domain requirements are, and PLEASE debug it properly in your environment first, don't complain to me if it wipes out a load of access for you or something like that!
    It takes about 5 minutes to run in my environment. Some formatting seems to have got messed up on here, sorry. I hope it is of use!
    # Mailbox Permissions Setter for Exchange #
    # v1.1 #
    # This script will loop through all mailboxes in Exchange and find any where #
    # the type is 'SHARED'. These should be determined to be a GROUP/SHARED mailbox #
    # and access to these mailboxes are controlled by a single ACL, e.g. 'ACL_Shared_Mailbox'. #
    # This script will add any members of these ACLs directly to the Full Access Permissions #
    # of the mailbox and also remove them if they no longer need the access. #
    # Script created by Jon Read, Technical Administration
    # Recent Changes
    # 15/11/2012
    # 1.1 Added exclusions for ACLs that we don't want automapping to happen for
    # 12/11/2012
    # 1.0 Initial script
    #Do not change these values
    Add-PSSnapin *Ex*
    $starttime = Get-Date
    $logfile = "C:\accesslog.txt"
    $logfile2 = "C:\accesslog2.txt"
    $totaladditionstomailboxes = 0
    $totalremovalsfrommailboxes = 0
    $totalmailboxesprocessed = 0
    $totalmailboxesskipped = 0
    # Exclude any ACLs that shouldn't be processed here if they are used for a non-standard purpose and
    # we don't want FULL access mapping to happen. Separate array values with commas
    $ExcludedACLArray = "DOMAIN\ACL_ExcludedExample"
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-Output "#----------------------------------------------------------------#" >> $logfile
    Write-Output "# Mailbox Permissions Setter for Exchange #" >> $logfile
    Write-Output "# v1.1 #" >> $logfile
    Write-Output "#----------------------------------------------------------------#" >> $logfile
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-output "Start time $starttime ">> $logfile
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    # Set preferred DCs and GCs
    $preferredDC = "preferredDC.domain"
    $preferredGC = "preferredGC.domain"
    Write-Output " PreferredDC = $preferredDC ">> $logfile
    Write-Output " PreferredGC = $preferredGC " >> $logfile
    Set-ADServerSettings -PreferredGlobalCatalog $preferredGC -SetPreferredDomainControllers $preferredDC
    # The first part of this will ADD permissions to the mailbox, reading from an associated ACL.
    # Check for all mailboxes where the type is SHARED. These are the only ones we would
    # want to apply group mailbox permissions to.
    foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
    {
        $totalmailboxesprocessed = $totalmailboxesprocessed + 1
        Write-Output " " >> $logfile
        Write-Output " " >> $logfile
        Write-Output "|-------------------------------------------------------" >> $logfile
        Write-Output "| MAILBOX ADDITIONS: $mailbox " >> $logfile
        Write-Output "|-------------------------------------------------------" >> $logfile
        $mailbox=$mailbox.ExchangeGuid.ToString()
        # For each of them, get the distribution list applied to the mailbox (Starting DOMAIN\ACL_)
        # We then need it to be turned into a string to use later.
        #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
        $changes = 0
        foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
        {
            $skipACL = 0
            #Get the distribution group and put the name in a useable format
            $distributiongroup=$distributiongroup.user.tostring()
            Write-Output "Found ACL $distributiongroup" >> $logfile
            # Check if this distribution group needs to be excluded and if it shouldn't be processed
            # then move onto the next ACL. This will stop FULL access being granted if the mailbox is
            # used for a non-standard purpose. See the start of this script
            # for where these are excluded (ExcludedACLArray)
            foreach ($ACL in $ExcludedACLArray )
            {
                if ($distributiongroup -eq $ACL)
                {
                    $skipACL = 1
                    Write-Output "ACL $distributiongroup is excluded so skipping mailbox " >> $logfile
                    $totalmailboxesskipped = $totalmailboxesskipped + 1
                }
            }
            if ($skipACL -eq 0)
            {
                # Get each user in this group and for each of them, try to add them to full access permissions.
                foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
                {
                    # Get the user to try, convert to DOMAIN\USER to use shortly
                    $user="DOMAIN\" + $user.alias.ToString()
                    # Check to see if the user we have chosen from the ACL group already exists in the full access
                    # permissions. If they do, set $userexists to 1, if they do not, leave $userexists set to 0.
                    # Set $userexists to 0 as the default
                    $userexists = 0
                    foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission)
                    {
                        # See if the user exists in the mailbox access list.
                        # Change $fullaccessuser to a useable string (matching $user)
                        $fullaccessuser=$fullaccessuser.user.tostring()
                        if ($fullaccessuser -eq $user)
                        {
                            $userexists=1
                            # Break out of foreach if the user exists so we don't unnecessarily loop
                            break
                        }
                    }
                    # Now we know if the user needs to be added or not, so run code (if needed) to add
                    # the user to full access permissions
                    if ($userexists -eq 0)
                    {
                        Add-MailboxPermission $mailbox -user $user -accessrights "FullAccess"
                        Write-Output "Added $user " >> $logfile
                        $changes = 1
                        $totaladditionstomailboxes = $totaladditionstomailboxes + 1
                    }
                    #Now repeat for other users in the ACL
                }
            }
        }
        #if changes were 0, then log that no changes were made
        if ($changes -eq 0)
        {
            Write-Output "No changes were made." >> $logfile
        }
    }
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-Output "---------------------------------------------------------------------------------" >> $logfile
    Write-Output " FINISHED ADDING PERMISSIONS" >> $logfile
    Write-Output "---------------------------------------------------------------------------------" >> $logfile
    Write-Output " " >> $logfile
    # The second part of this will REMOVE permissions from the mailbox, reading from an associated ACL.
    ## Check for all mailboxes where the type is SHARED. These are the only ones we would
    ## want to apply group mailbox permissions to.
    foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
    {
        Write-Output " " >> $logfile
        Write-Output " " >> $logfile
        Write-Output "|-------------------------------------------------------" >> $logfile
        Write-Output "| MAILBOX REMOVALS : $mailbox " >> $logfile
        Write-Output "|-------------------------------------------------------" >> $logfile
        $mailbox=$mailbox.ExchangeGuid.ToString()
        #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
        $changes = 0
        # For the current mailbox, get a list of all users with FULLACCESS, and then for each of them
        # check if they exist in the ACL
        foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.Accessrights -like "FullAccess" })
        {
            # Get the security identifier (SSID) of the FULLACCESS user to store for later.
            $fullaccessuserSSID=$fullaccessuser.user.SecurityIdentifier.ToString()
            $fullaccessuser=$fullaccessuser.User.ToString()
            #If user needs to be excluded then skip this bit
            #Users added or removed will only start with 07 (07$, 07T), so only run if the user starts with this.
            #This stops it trying to remove NT AUTHORITY\SELF and other System entries
            if ($fullaccessuser -like "DOMAIN\07*")
            {
                # Set $userexists to be 0. if we find the user needs to remain, then change it to 1.
                $userexists=0
                # Check if this user exists in the ACL, if not, remove.
                foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
                {
                    $distributiongroup=$distributiongroup.user.tostring()
                    #Write-Output "Found associated distribution group $distributiongroup" >> $logfile
                    # Get each user in this group and for each of them, See if it matches the user in the mailbox.
                    foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
                    {
                        # Get the user to try, convert to DOMAIN\USER to use shortly
                        $userguid = $user.Guid.ToString()
                        $user="DOMAIN\" + $user.alias.ToString()
                        if ($fullaccessuser -eq $user)
                        {
                            $userexists=1
                            #we have found the user exists so no need to continue
                            break
                        }
                    }
                }
                # If userexists = 0, then they are NOT in the ACL, and should be removed from
                # the full access permissions. Run the code to remove them from full access.
                #CONVERT FULLACCESSUSER TO GUID AND REMOVE $FULLACCESSUSERGUID NOT $USERGUID
                if ($userexists -eq 0)
                {
                    Remove-MailboxPermission -Identity $mailbox -user $fullaccessuserSSID -accessrights "FullAccess" -Confirm:$false
                    Write-Output "Removed $fullaccessuser " >> $logfile
                    $changes = 1
                    $totalremovalsfrommailboxes = $totalremovalsfrommailboxes + 1
                }
            }
        }
        # if changes = 0, no changes were made to this mailbox, so log this fact.
        if ($changes -eq 0)
        {
            Write-Output "No changes were made." >> $logfile
        }
    }
    #Put the time in a displayable format
    $endtime = Get-Date
    $runtime = $endtime - $starttime
    $runtime = $runtime.ToString()
    $runtime1 = $runtime.split(".")
    $totaltime = $runtime1[0]
    Write-Output " " >> $logfile
    Write-Output " " >> $logfile
    Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
    Write-Output "| SCRIPT COMPLETE : STATS " >> $logfile
    Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
    Write-Output "| Total Mailboxes Processed : $totalmailboxesprocessed " >> $logfile
    Write-Output "| Total Additions : $totaladditionstomailboxes " >> $logfile
    Write-Output "| Total Removals : $totalremovalsfrommailboxes " >> $logfile
    Write-Output "| Total Mailboxes Skipped due to ACL : $totalmailboxesskipped " >> $logfile
    Write-output "| Start time : $starttime ">> $logfile
    Write-output "| End time : $endtime ">> $logfile
    Write-Output "| **END OF RUN** - Elapsed time : $totaltime " >> $logfile
    Write-Output "|---------------------------------------------------------------------------------------" >> $logfile
    Write-Output " " >> $logfile

  • Send As, Send on Behalf and Full Access for Exchange server 2010/2013

    [This FAQ contains 2 parts]
    Testing and watching the behavior of Send As, Send On Behalf and Full Access permission.
    Common issue and Troubleshooting on the three permission.
    [Testing and Watching]
    Based on following blog, I decide to test on my lab:
    Full Mailbox Access Rights + Send On Behalf = Send As ?
    http://blogs.technet.com/b/ehlro/archive/2012/04/06/full-mailbox-access-rights-send-on-behalf-send-as.aspx
    Description on my lab and test:
    Exchange 2010 + Outlook 2010
    Exchange 2013 + Outlook 2013
    Senders: A01, A02, … , A07, A08
    Recipient: A09
    A01 grants permission to other senders.
    Two methods:
    a. Use A0x’s credential configure A01’s profile, then send From both A01 and A0x via Outlook. Watching result in A09’s Inbox and Sent Items which has message copy left.
    b. Use A0x’s credential configure A0x’s profile, then send From both A01 and A0x via Outlook. Watching result in A09’s Inbox and Sent Items which has message copy left.
    Result as following forms:
    1. Exchange 2010 + Outlook 2010 / Exchange 2013 + Outlook 2013
    Using A0x’s credential configure A01’s mailbox, then send From both A01 and A0x
    To A09.
    2. Exchange 2010 + Outlook 2010 / Exchange 2013 + Outlook 2013
    Using A0x’s credential configure A0x’s mailbox, then send From both A01 and A0x
    To A09.
    [Common Issue]
    1. [Issue]
    Exchange 2010 + Outlook 2010. A01 grants A03 Send As permission. However A03 can’t send as A01 to A09 and gets an NDR:
    You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
    Details as following pic:
    [Troubleshooting]
    1) Based on the NDR, it seems a permission issue. Check Send As permission, however the Send As permission configured correctly. Pic as below:
    2) Since the Send As permission is configured correctly, it seems the permission hasn’t been replicated. Try to restart Microsoft Exchange Information Store service. It works.
    Note: The Send As permission isn’t granted until after replication has occurred. Replication times depend on your Exchange and network configuration. To grant the permission immediately, stop and then restart the Microsoft Exchange Information Store service.
    2. [Issue]
    Exchange 2013 + Outlook 2013. A01 grants A03 Send As permission. However A03 can’t send as A01 to A09 and gets an NDR:
    Your message did not reach some or all of the intended recipients.
    Subject: xxx
    Sent: xx/xx/2014 8:20 AM
    The following recipient(s) cannot be reached: A09
    This message could not be sent. Try sending the message again later, or contact your network administrator. Error is [0x80070005-00000000-00000000].
    Details as below:
    [Troubleshooting]
    1) Also check the Send As permission configuration first.
    2) Then try to use A03 to send as A01 to A09 via OWA. If OWA works well, it seems to be an issue on the Outlook client side.
    3) This behavior may occur if the OAB in Outlook isn’t updated. Try to download the OAB manually.
    4) If that doesn’t work, please close Outlook and try to delete all the OAB folders on your computer. The path of the OAB folder in Win7, Win8 is as below:
    \Users\<UserName>\AppData\Local\Microsoft\Outlook\Offline Address Books
    5) Restart Outlook.
    Note: Be aware that you cannot send e-mail messages on behalf of a mailbox if the mailbox is hidden from address list. When sending a message, Exchange requires that e-mail address is resolved in the From field.
    3. [Issue]
    Exchange 2010. A01 grant A0x “Send As” or “Send on Behalf” permission. A0x send as/ send on behalf of A01. The message is only copied to the Sent Items folder in A0x’s mailbox (same as the result of my test). Also cannot configure Exchange 2010 so that the
    message is copied to the Sent Items folder of both A01 and A0x.
    [Troubleshooting]
    This issue occurs because Exchange server 2010 was designed to copy message to the Sent Items folder of the sender only. This issue can be solved by installing Exchange 2010 SP2 UR4. More details in the following KB:
    Messages that are sent by using the "Send As" and "Send on behalf" permissions are copied only to the Sent Items folder of the sender in an Exchange Server 2010 environment
    http://support.microsoft.com/kb/2632409/en-us

    Nice guide Mavis, I recently explored the same topic. Few things you might want to add is the type of connectivity (Cached vs Online will produce different results) and to expand further on the methods of adding the other mailbox in Outlook (additional mailbox
    vs additional account defaults to different methods). Check the screenshot:
    And please post this somewhere more visible, like blog/wiki page.

  • Previous Exchange Admin has somehow granted himself inherited Full access rights to All Exchange Mailboxes -AccessRights -InheritanceType

    Good Day,
    There is a previous employee that was a Systems Admin and somehow he granted himself access to Every Mailbox item at one point in time and the cleanup has been a bit messy.
    When this user is listed as "Full Access Granted" in the Manage Full Access Permissions function, and I delete him, I get a confirmation that he was removed, but then an additional item below it.  (This is depicted in the attached photo)
    How do I remove the hierarchical inheritance of this user?
    the commands in the photo show:
    Remove-Mailboxpermission -identity %OU String% -user %user% -inheritancetype 'All' -Accessrights 'FullAccess'
    Add-Mailboxpermission -identity %OU String% -user %user% -Deny -Accessrights 'FullAccess'

    Hello,
    I have removed permission to this user in ADSI Edit Microsoft Exchange Configuration CN and ensured that his name was no where to be found in the ADSI permissions for Exchange.  I was running the following command:
    Get-Mailbox | Remove-MailboxPermission -User %USER% -AccessRights FullAccess,SendAs,ExternalAccount,DeleteItem,ReadPermission,ChangePermission,ChangeOwner -InheritanceType All
    and I get a return warning:
    WARNING: An inherited access control entry has been specified: [Rights: CreateChild, Delete, ReadControl, WriteDacl,
    WriteOwner, ControlType: Allow] 
    and was ignored on object "CN=%FullAccessUser%"
    How can I ensure that this user had NO permissions at all to the exchange mailboxes?
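
The warning quoted in this thread appears because an inherited entry cannot be removed on the mailbox object itself. As an added example (not code from the thread), the function below sorts one account's entries into explicit and inherited so the clean-up can be aimed at the right object. The function name, the sample account and the sample mailbox identities are constructed for illustration; the property names follow the `Get-MailboxPermission` and `Get-ADPermission` output.

```powershell
# Added example, compatible with PowerShell 2.0 (Exchange 2010 Management Shell).
# Get-AceDisposition is a hypothetical helper name, not an Exchange cmdlet.
function Get-AceDisposition {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Entry,
        [Parameter(Mandatory = $true)] [string] $Account
    )
    process {
        # Only look at entries held by the account under review.
        if ("$($Entry.User)" -ne $Account) { return }

        # Get-MailboxPermission fills AccessRights; Get-ADPermission reports
        # Send-As / Receive-As in ExtendedRights with AccessRights = ExtendedRight.
        $rights = @(@($Entry.AccessRights) + @($Entry.ExtendedRights) |
            Where-Object { $_ -and "$_" -ne 'ExtendedRight' } |
            ForEach-Object { "$_" })

        if ($Entry.IsInherited) {
            $source = 'Inherited'
            $action = 'Remove on the parent object it is inherited from; removal on the mailbox is ignored'
        }
        elseif ($Entry.Deny) {
            $source = 'Explicit deny'
            $action = 'Set on this mailbox; review before removing'
        }
        else {
            $source = 'Explicit allow'
            $action = 'Removable on this mailbox (Remove-MailboxPermission / Remove-ADPermission)'
        }

        New-Object PSObject -Property @{
            Identity = "$($Entry.Identity)"
            User     = "$($Entry.User)"
            Rights   = ($rights -join ', ')
            Source   = $source
            Action   = $action
        } | Select-Object Identity, User, Rights, Source, Action
    }
}

# Constructed sample entries so the function can be tried without an Exchange server.
function New-SampleAce($Identity, $User, $Access, $Extended, $Inherited, $Deny) {
    New-Object PSObject -Property @{
        Identity = $Identity; User = $User; AccessRights = $Access
        ExtendedRights = $Extended; IsInherited = $Inherited; Deny = $Deny
    }
}

$sample = @(
    (New-SampleAce 'example.local/Users/Mailbox1' 'EXAMPLE\formeradmin' @('FullAccess')    $null        $false $false),
    (New-SampleAce 'example.local/Users/Mailbox1' 'EXAMPLE\formeradmin' @('FullAccess')    $null        $true  $false),
    (New-SampleAce 'example.local/Users/Mailbox1' 'EXAMPLE\formeradmin' @('ExtendedRight') @('Send-As') $true  $false),
    (New-SampleAce 'example.local/Users/Mailbox2' 'EXAMPLE\formeradmin' @('FullAccess')    $null        $false $true),
    (New-SampleAce 'example.local/Users/Mailbox2' 'NT AUTHORITY\SELF'   @('FullAccess')    $null        $false $false)
)

$sample | Get-AceDisposition -Account 'EXAMPLE\formeradmin' | Format-Table -AutoSize -Wrap

# Against a live organization the same function takes the cmdlet output directly:
#   Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Get-AceDisposition -Account 'DOMAIN\user'
#   Get-Mailbox -ResultSize Unlimited | Get-ADPermission      | Get-AceDisposition -Account 'DOMAIN\user'
```

Rows marked Inherited are the ones the shell reports as "was ignored"; they stay until the entry is removed where it was granted.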

  • How to give full access to mailbox to users in trusted domain?

    Hi,
    I am working on a migration-project where we migrate all users from one domain to a new domain. I have Exchange in both domains, and migrate mailboxes from the old to the new domain. In the old domain I have a number of mailboxes that are used for common calendars for the departments. My problem is: How can I give the users who have been migrated to the new domain full access to the existing calendar-mailboxes in the old domain? I have given the accounts in the new domain full access to the mailboxes in the old domain by using the following command: get-mailbox mailboxname | add-mailboxpermission -accessrights FullAccess,ExternalAccount -user newdomain\username
    After the command has completed I can see the account listed in the "Manage Full Access Permission"-dialog, but still the new useraccount cannot create appointments etc in the original calendar from Outlook.
    Any tips on this?
    Thor-Egil

    Hi Thor,
    Thank you for your question.
    Did the issue occur when we use OWA?
    Are there any errors when they cannot create appointments?
    We could enable “Support cross forest delegation” on FIM(Forefront Identity Manager) to check if the issue persist.
    There is an article for us to how to enable “Support cross forest delegation” by the following link:
    http://blogs.technet.com/b/neiljohn/archive/2011/10/12/exchange-server-2010-cross-forest-delegation.aspx  
    If there are any questions regarding this issue, please be free to let me know. 
    Best Regard,
    Jim
    Jim Xu
    TechNet Community Support

  • Exchange 2010 Full Access to mailbox not working.

    Hi Guys
    Few changes were made to exchange so users can only have "send on behalf of" when using shared mailboxes.
    for example : Sent from Bob Smith on behalf of [EmailAddress1]
    need to grant full access, then use the client delegate (outlook 2010) and add them to that also.
    even if you set permissions to none in Delegate the full access kicks in.
    if you remove the users name from delegate (set with no permissions) full access is gone.
    has anyone else come across this ?
    I've been trolling the net the last 2 days and haven't found a thing . .
    any help would be great.

    Hi ITWizchch,
    Try these methods to check what's happening and set the required access (i.e. SendOnBehalfOf without Full Access)
    Check for individual user or all users having access on John's mailbox:
    Get-MailboxPermission -Identity [email protected] | Format-List
    Get-MailboxPermission -Identity [email protected] -User "Ayla"
    Once permission is set you can use below to remove it:
    Remove-MailboxPermission -Identity John -User 'Ayla' -AccessRights FullAccess -InheritanceType All
    Set SendOnBehalf Permission:
    Set-mailbox John -GrantSendOnBehalfto @{Add="Ayla"}
    Set SendOnBehalf Permission:
    Set-mailbox John -GrantSendOnBehalfto @{Remove="Ayla"}
    NOTE:- When you modify a multivalued property, you must ensure that you append / remove the values accordingly , without Overwriting the existing list.
    Regards,
    Satyajit

  • User with Full Access to mailbox cannot view calendar

    I have a user who is one of several users that manage the schedules for several conference rooms using regular mailboxes on Exchange Server 2007.  She (and she alone) has lost the right to manage the mailbox calendar.  When she tries to access the calendar she gets the error message, "You do not have permission to view this calendar".
    I verified her rights as Full Access and even ran the cmdlet below which says, "Appropriate ACE is already present on object ".
    [PS] C:\Windows\system32>Add-MailboxPermission -Identity "mailbox" -User user -AccessRights FullAccess -InheritanceType All
    WARNING: Appropriate ACE is already present on object "CN=mailbox
    49,OU=Service Accounts,OU=  xxx,OU=xxxxx),OU=xxx,DC=xxx,DC=xx,DC=xxx" for
     account "user".
    Identity             User                 AccessRights        IsInherited Deny
    Domaim      domain\user       {FullAccess}        False       False
    When I get the permissions on the mailbox she has the following:
    AccessRights    : {FullAccess}
    Deny            : False
    InheritanceType : All
    User            : domain\user
    Identity        : domain/OU/OU/OU/mailbox
    IsInherited     : False
    IsValid         : True
    ObjectState     : Unchanged
    Any help out there?

    Hi,
    According to your post, the permission seems to be configured properly in your Exchange server. This user has full access permission to Domaim’s mailbox.
    Please try to open shared mailbox in OWA to check whether she can access the calendar. In Outlook, we can open shared calendar in Calendar panel by clicking Open Calendar > Open shared calendar. If it fails, please try the following steps:
    1. Click File > Account Settings > Change > More Settings > Advanced.
    2. Add the Shared mailbox that you want to open and click OK.
    If there is any updates, please feel free to let us know.
    Best Regards,
    Winnie Liang
    TechNet Community Support

  • Auto-Mapping with Full Access Mailboxes-not working in exchange 2010 clients outlook 2013

    hello, I have exchange server 2010, the clients are running outlook 2013, I set an mailbox for automapping (full access) but when i restart client it does not appear in the client. i also did the command in the exchange shell, no errors. how can i fix this.

    no sp info shows with the 
    Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersionName                
    Edition             : Enterprise
    AdminDisplayVersion : Version 14.0 (Build 639.21)
    chart says
    Exchange Server 2010 | November 9, 2009 | 14.00.0639.021
    is that the issue need sp 1?

  • Permissions Issues plague remote access attempts

    I have a couple of networked IMacs in my house. They readily see and connect to each other via OS 10.5.6, being connected to the same router. Usually there are no problems copying files from one Mac to the other or saving changes in work to a second Mac
    EXCEPT...... perpetually frustrating recurrent "Permissions" barriers no matter how hard I try to give myself unrestricted access to my files on one Mac from the second one when using MS Office.
    EXAMPLE: I try to use Microsoft Office 2008 documents stored on one IMac from the 2nd IMac and am not allowed to save changes - not even when I am the owner of the accounts and documents concerned. Furthermore, these documents are opening as Read-Only even though their sharing options have been ticked on in the document settings....
    Microsoft says this is an Apple networking permissions issue and not a fault of their software. They advised me to check the appropriate "share this document" boxes within their files and this I have done. I log in as the Read/Write access owner of a given directory and still I can't save changes in MS documents unless I am operating the Mac where the file actually resides.
    Please, please, can anyone simplify the ESSENTIALS one must perform in Apple Sharing Prefs setup when trying to give one's self unrestricted access to all one's files - with full Read/Write privileges unrestricted - from a second Mac on the same local network ?

    This problem of mine tends to happen only with MS Office files. The MS Word and Excel files that always insist on opening as Read-Only (and Microsoft insisted to me this was because of an Apple Networking permissions issue !!) are within folders that in turn are within higher level folders for which the permissions ( ?? and does this not apply for the whole folder and all its enclosed files and folders ?? ) are set as "Read and Write" for me, for "others" and "everyone" as well. I figured that looked broad enough. Still, though, I am stymied from saving changes though I own the files and both computers involved !!!
    Surely Apple offers users some sort of stripped down (SIMPLE !!!) way of opening up read/write access as broadly as possible for any given networked folder whose own user and owner wishes it to have these broadest possible access permissions - so that surely I as the owner should be able to access.
    I have repeatedly repaired permissions but this does not seem to help. I have noticed that sometimes some individual MS documents within a folder whose folder permissions have been opened up have not recognized the broader permissions granted for the whole folder and still have bizarre restrictions.
    Don't all the files within a folder reflect automatically the permissions set for the folder itself ???
    If not, why bother opening up a folder ??

  • Managing users to provide access on multiple lists having unique permissions.

    I have 20 lists in a site coll and all are having unique permissions and the reason of why i have stop inheritance is to not giving users edit access on site pages but should have full access on lists. If i used inherited permission and want to give full
    access to list, i have to check 'manage lists' in the permission level which provides user edit permission or some unauthorized access in to the page.
    So, because in order to overcome this i have created two permission level: for
    page view & for list/library view and stop inheritance on library and give users
    list/library view access in it to let them access the lists/library.
    it makes the management very high in terms of new user access. For this i have to go to  more than 20 places and grant permission to that particular user. How can i manage and use it in effective way...please help me on this..!!

    Hello Mohit,
    I would suggest to create groups based on permission level you have given and add the users to those groups.
    For all the lists you will add the groups for the permissions, so whenever you want grant/remove access to users you will add/delete the user from that group.
    My Blog- http://www.sharepoint-journey.com|

  • Full access permissions and calendars

    Quick question...in Exchange 2007 if you grant full access permissions on a mailbox, does it also give full owner rights to the calendar as well?
    So if User A has full access permissions to User B's mailbox, do they also get Owner permissions on the calendar of User B?

    Hi,
    When you grant the Full Access permission to another user for a mailbox, that user becomes able to log on to the mailbox and access its entire contents. This includes calendar as well.
    Grant Full Access permission is different from applying the Owner role to a folder. For more details, you can refer to the following articles.
    Add-MailboxPermission:http://technet.microsoft.com/en-us/library/bb124097(v=exchg.150).aspx
    Add-MailboxFolderPermission:http://technet.microsoft.com/en-us/library/dd298062(EXCHG.140).aspx
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support
