Full access permission on a mailbox not doing what it should?
finkle636
Member Posts: 44 ■■□□□□□□□□
According to microsoft the follwoing is true...
From Technet - "In Exchange 2007, users who are granted the Full Mailbox Access permission to a mailbox do not have Send As permission. Instead, the users have Send on Behalf Of permission for the mailbox owner. In this scenario, the users must be explicitly granted the Send As permission to send e-mail messages as the mailbox owner."
I have just spent half the morning trying to figure out why, when the above is apparently correct can a user who has full permission cannot "Send on behalf of".
I understand that "Send as" is a different thing as it impersonates the mailbox, but "Send on behalf of" (which is hidden in a seperate tab by the way) should be included in the full access permission, it seems it is however not, even though they say it is, have i misinterprited sommething here?
I have just finished the MCTS 70-236 training book and have just started on the new 2009 Sybex book and there was none of this mentioned.
From Technet - "In Exchange 2007, users who are granted the Full Mailbox Access permission to a mailbox do not have Send As permission. Instead, the users have Send on Behalf Of permission for the mailbox owner. In this scenario, the users must be explicitly granted the Send As permission to send e-mail messages as the mailbox owner."
I have just spent half the morning trying to figure out why, when the above is apparently correct can a user who has full permission cannot "Send on behalf of".
I understand that "Send as" is a different thing as it impersonates the mailbox, but "Send on behalf of" (which is hidden in a seperate tab by the way) should be included in the full access permission, it seems it is however not, even though they say it is, have i misinterprited sommething here?
I have just finished the MCTS 70-236 training book and have just started on the new 2009 Sybex book and there was none of this mentioned.
Comments
Send as or send on behalf are granted separately from full access.
content with your knowledge. " Elbert Hubbard (1856 - 1915)
It was a bit frustrating in my opinion as they put 2 object permissions on display in the EMC on full display (Full Control, Send As), hide one in a sub menu of a tab(Send on behalf of), and the other you cant change unless you use powershell or ADUC and enable advanced features (Recieve As), thats a bit poor in my opinion. Its like setting NTFS permissions on a security tab of a folder, but only giving you half of them and putting the rest in the help menu in Calculator. Oh and one that you must change manually in the registry for good measure.
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
At this point, i have no idea, as on this link it lists the 2 as being seperate permissions.
Understanding Mailbox Permissions: Exchange 2007 Help
How to Allow Mailbox Access: Exchange 2007 Help
Delegate Full-Mailbox Access
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
You can actually do Receive-As on an individual AD user which isn't documented, but it works and I have done nit. You use the Add-AdPermission but you specify the DN of the user's AD account.
Was there a reason why you did it that way... grins and giggles? Is there really a difference between that and just doing FullAccess on the user?
b
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...