Delegate mailbox access
-
14. června 2012 14:50
Hello!
I'm testing delegate access in Exch2010SP2/Outlook2010. For instance, I want User1 to have access to User2's mailbox so I give User1 Full Access permission in EMC, start Outlook, log in as User1 and see User2's mailbox beneath User1's mailbox. That's ok.
Then I want to revoke the delegate access so I remove Full Access permission on User2' mailbox from User1 and again start Outlook, log in as User1 and... User2's mailbox is still there...
I ran many tests with different user accounts but the results are still the same: I can grant delegate access very easily but I don't know how to revoke it...
???
Thank you in advance,
Michael
Všechny reakce
-
14. června 2012 14:56
Hi
If you go to the advanced settings on User1's account and then clicked on Advanced there is an advanced tab where it says "open these additional mailboxes", is User2's mailbox listed there? You can then remove it.
Or if you right click on User2's mailbox can you not remove it?
-
14. června 2012 17:03
Like Daredevil said, you can remove the mailbox from the advanced tab.
You can revoke delegate access, like you already did. However afaik autodiscover will add mailboxes to your profile but not remove them. Once you have removed the access rights, user2 will still see the mailbox for user1 but he will no longer be able to access (open) it.
-
15. června 2012 7:23
Valveco, thank you!
"Once you have removed the access rights, user2 will still see the mailbox for user1 but he will no longer be able to access (open) it." - although access have been removed User1 still has Full access to User2's mailbox. User1 can move, create and delete items in User2's mailbox...
-
15. června 2012 7:39
DareDevil57, thank you!
"if you right click on User2's mailbox can you not remove it?" - no, I can't. It says "...click the File tab.. and on Info tab, click Account Settings...click Remove".
"open these additional mailboxes", is User2's mailbox listed there?" - no, it's not!
-
15. června 2012 7:48Did you come right by going to the advanced tab and removing it?
-
15. června 2012 8:07
Here are the new results.
Yesterday evening when I was writing this post there were two user accounts with full access permission on User2's mailbox: Administrator and User1. I removed FA permission from both of them, saw it making no difference in accessing User2's mailbox and asked a question here.
Today morning having logged on as User1 (in Outlook) I see that User2's mailbox has dissappeared from Outlook left pane.
When I logged on as Administrator User2's mailbox is still there.
So here are my conclusions for this test:
1) it takes some time for the Full Access permission removal to take affect for a general user (User1)
2) I don't know by what means I can prevent Administrator from accessing other user's mailbox after I have once enabled Delegate Access for him.
Administartor does not have FA permission on User2's mailbox and there's no additional mailboxes added to the Administrator's account (Account Settings\Advanced tab).
- Upravený MF47 15. června 2012 8:08 Slip
-
15. června 2012 11:30No, I did not remove anything. Advances tab was empty, there were no additional mailboxes there.
-
15. června 2012 15:28It's a bug. You will have to go to adsiedit.msc and remove off the top of USER1's account. Just make sure you choose only show attributes with values and you will see it about half way down the list. Sorry, don't remember what the attribute is. If you need instructions, just search Google or Bing and it will come back with instructions.
-
16. června 2012 5:30
Jclaude8, thank you!
I'll try to use adsiedit.msc.
-
19. června 2012 9:22Moderátor Hi MF47,
It sounds werid, I also did a tests like you referred, the opened mailbox still exists in the outlook, due to the "administrator" information still exist in the user's attributes, you could delete it through ADSIEDIT, and then, it will disappear.
Regards!Gavin
TechNet Community Support
- Označen jako odpověď Gavin-ZhangModerator 8. července 2012 14:30
-
21. června 2012 15:41
Have you tried manually creating a new Outlook profile from the mail applet in Control Panel?
A new Outlook profile shouldn't list the mailbox now you have revoke the access permissions.
-Meat
-
21. června 2012 17:27
reviewed article:
http://technet.microsoft.com/en-us/library/bb676551.aspx
Regards
El éxito nunca llega solo; hay que trabajar arduamente para conseguirlo.
- Navržen jako odpověď MCTS Luis Fernando Rodriguez Garcia 21. června 2012 17:36
-
25. června 2012 7:14
-
25. června 2012 7:25
Veilingmeat, thank you!
No, I didn't, I'll try it!
-
26. června 2012 13:58
I found this attribute in ADSI Edit - it is 'msExchDelegateListLink' that still lists the Administrator user account as a delegate for User2's mailbox. After removing this attribute User2's mailbox dissapeared from Administrator's Outlook window pane.
Big thanks to all of you!
Michael
- Označen jako odpověď Gavin-ZhangModerator 8. července 2012 14:30
.png)
