Anmelden
 
HomeLibraryDownloadsSupportWebcasts & EventsCommunityForenBlogs
Ressourcen für IT-Professionals >
Delegate mailbox access

Beantwortet Delegate mailbox access

  • Donnerstag, 14. Juni 2012 14:50
     
     
    Anmelden
    0

    Hello!

    I'm testing delegate access in Exch2010SP2/Outlook2010. For instance, I want User1 to have access to User2's mailbox so I give User1 Full Access permission in EMC, start Outlook, log in as User1 and see User2's mailbox beneath User1's mailbox. That's ok.

    Then I want to revoke the delegate access so I remove Full Access permission on User2' mailbox from User1 and again start Outlook, log in as User1 and... User2's mailbox is still there...

    I ran many tests with different user accounts but the results are still the same: I can grant delegate access very easily but I don't know how to revoke it...

    ???

    Thank you in advance,

    Michael

     

Alle Antworten

  • Donnerstag, 14. Juni 2012 14:56
     
     
    Anmelden
    0

    Hi

    If you go to the advanced settings on User1's account and then clicked on Advanced there is an advanced tab where it says "open these additional mailboxes", is User2's mailbox listed there? You can then remove it.

    Or if you right click on User2's mailbox can you not remove it?

     
  • Donnerstag, 14. Juni 2012 17:03
     
     
    Anmelden
    0

    Like Daredevil said, you can remove the mailbox from the advanced tab.

    You can revoke delegate access, like you already did. However afaik autodiscover will add mailboxes to your profile but not remove them. Once you have removed the access rights, user2 will still see the mailbox for user1 but he will no longer be able to access (open) it.

     
  • Freitag, 15. Juni 2012 07:23
     
     
    Anmelden
    0

    Valveco, thank you!

    "Once you have removed the access rights, user2 will still see the mailbox for user1 but he will no longer be able to access (open) it." - although access have been removed User1 still has Full access to User2's mailbox. User1 can move, create and delete items in User2's mailbox...

     
  • Freitag, 15. Juni 2012 07:39
     
     
    Anmelden
    0

    DareDevil57, thank you!

    "if you right click on User2's mailbox can you not remove it?" - no, I can't. It says "...click the File tab.. and on Info tab, click Account Settings...click Remove".

    "open these additional mailboxes", is User2's mailbox listed there?" - no, it's not!

     
  • Freitag, 15. Juni 2012 07:48
     
     
    Anmelden
    0
    Did you come right by going to the advanced tab and removing it?
     
  • Freitag, 15. Juni 2012 08:07
     
     
    Anmelden
    0

    Here are the new results.

    Yesterday evening when I was writing this post there were two user accounts with full access permission on User2's mailbox: Administrator and User1. I removed FA permission from both of them, saw it making no difference in accessing User2's mailbox and asked a question here.

    Today morning having logged on as User1 (in Outlook) I see that User2's mailbox has dissappeared from Outlook left pane.

    When I logged on as Administrator User2's mailbox is still there.

    So here are my conclusions for this test:

    1) it takes some time for the Full Access permission removal to take affect for a general user (User1)

    2) I don't know by what means I can prevent Administrator from accessing other user's mailbox after I have once enabled Delegate Access for him.

    Administartor does not have FA permission on User2's mailbox and there's no additional mailboxes added to the Administrator's account (Account Settings\Advanced tab).


    • Bearbeitet MF47 Freitag, 15. Juni 2012 08:08 Slip
    •  
     
  • Freitag, 15. Juni 2012 11:30
     
     
    Anmelden
    0
    No, I did not remove anything. Advances tab was empty, there were no additional mailboxes there.
     
  • Freitag, 15. Juni 2012 15:28
     
     
    Anmelden
    0
    It's a bug.  You will have to go to adsiedit.msc and remove off the top of USER1's account.  Just make sure you choose only show attributes with values and you will see it about half way down the list.  Sorry, don't remember what the attribute is.  If you need instructions, just search Google or Bing and it will come back with instructions.
     
  • Samstag, 16. Juni 2012 05:30
     
     
    Anmelden
    0

    Jclaude8, thank you!

    I'll try to use adsiedit.msc.

     
  • Dienstag, 19. Juni 2012 09:22
    Moderator
     
     Beantwortet
    Anmelden
    0
    Hi MF47,

    It sounds werid, I also did a tests like you referred, the opened mailbox still exists in the outlook, due to the "administrator" information still exist in the user's attributes, you could delete it through ADSIEDIT, and then, it will disappear.

    Regards!

    Gavin

    TechNet Community Support

     
  • Donnerstag, 21. Juni 2012 15:41
     
     
    Anmelden
    0

    Have you tried manually creating a new Outlook profile from the mail applet in Control Panel?

    A new Outlook profile shouldn't list the mailbox now you have revoke the access permissions.

    -Meat

     
  • Donnerstag, 21. Juni 2012 17:27
     
     Vorgeschlagene Antwort
    Anmelden
    0

    reviewed article:

    http://technet.microsoft.com/en-us/library/bb676551.aspx

    Regards

    El éxito nunca llega solo; hay que trabajar arduamente para conseguirlo.

     
  • Montag, 25. Juni 2012 07:14
     
     
    Anmelden
    0
    Gavin-Zhang, thank you!
     
  • Montag, 25. Juni 2012 07:25
     
     
    Anmelden
    0

    Veilingmeat, thank you!

    No, I didn't, I'll try it!

     
  • Dienstag, 26. Juni 2012 13:58
     
     Beantwortet
    Anmelden
    0

    I found this attribute in ADSI Edit - it is 'msExchDelegateListLink' that still lists the Administrator user account as a delegate for User2's mailbox. After removing this attribute User2's mailbox dissapeared from Administrator's Outlook window pane.

    Big thanks to all of you!

    Michael