No announcement yet.

Mailbox Store Permissions & Mailbox Rights

  • Filter
  • Time
  • Show
Clear All
new posts

  • Mailbox Store Permissions & Mailbox Rights

    Hi All,

    Not sure if this is a unique situation we have here, as i assume most people would use the three Exchange Administrator roles... but i'd like you pick your brains anyway!

    We are currently locking down all of the permissions that out Service Desk staff have, this includes Administrator Access to exchange.

    Our Service Desk deal with requests regarding granting Mailbox Rights through Active Directory > Exchange Advanced.

    If they are anything less than Exchange Full Administrator, they are unable to grant users access to other mailboxes.

    I have been looking at the special permissions on the mailbox stores and have noticed that there are the following permissions:

    "Change Permissions"
    "Administer Information Store"

    After granting our Service Desk access to the "Change Permissions" permission, nothing changed... they was still unable to edit Mailbox Rights. They get the error "Unable to save permission changes to [mailbox]. Access is denied.".

    Is it safe to assume that for the Service Desk to be able to edit the Mailbox Rights through Active Directory > Exchange Advanced, that they need access to the "Administer Information Store" permission or is there another way i can do this without them having such power?

    Thanks in advance!
    Last edited by rsnooks; 4th February 2010, 17:30.

  • #2
    Re: Mailbox Store Permissions & Mailbox Rights

    The ability to lock down permissions on Exchange 2003 is very limited.
    As a bare minimum they will need Exchange View Only rights at the org level, which allows them to work on objects that are Exchange enabled.

    However, it sounds like you have either forgotten or are not aware of the main problem with Exchange permissions - they are cached. A permission change can take 2 hours before it is fully effective, so making a change and testing it immediately will give you false results.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.