locked
Blocking access to exchange 2007 Storage Group or Information Store RRS feed

  • Question

  • In a windows 2003 AD & on an Exchange 2007 Enterprise server we have an administrative user account that needs full access to most Storage groups but needs to be restricted to one.   In exchange 2003 I was able to set an explicit DENY to the information store but I can not see how to do this in Exchange 2007.  I am assuming there is a PS command but is there also any way to graphicially deny this account access to a specific storage group? 
    Monday, August 19, 2013 9:48 PM

Answers

  • Hello,

    Based on my experience, there is no way to do it if your administrator full access permission.


    Cara Chen
    TechNet Community Support

    Wednesday, August 21, 2013 6:15 AM
    Moderator

All replies

  • How are you granting permission to the other SG/Databases? I assume you are using the Add-ADPermission or going into ADSIEdit and adding the permissions directly to the Storage Group/Database objects that you wanted to share.  You could do this same thing but place DENY permissions to this. Also, I assume this is only for non-mailbox enabled Admin accounts.

    Tuesday, August 20, 2013 2:30 PM
  • The user account has been added to Exchange Domain Servers and is part of an existing workflow that is old.  I have been told the changing memberships will break the workflow.  I have applied an explicit deny to the journal IS (in exchange 2003) which works to block the account's access, But I have not been able to find a way to explicitly deny it to an exchange 2007 Storage group or database directly using the exchange console or shell, I would prefer using the 2007 EMC to have a visual record.
    Tuesday, August 20, 2013 6:36 PM
  • Hello,

    Based on my experience, there is no way to do it if your administrator full access permission.


    Cara Chen
    TechNet Community Support

    Wednesday, August 21, 2013 6:15 AM
    Moderator