Friday 27 April 2012

Mailbox Permissions - Exchange 2007 / 2010

Today a client requested a method to find out who had access to users mailboxes. I came up with a quick script to resolve this:

get-mailbox –resultsize unlimited | Get-MailboxPermission | select identity, user, @{name="Access Rights";expression={$_.get_accessrights()}},isinherited,deny | ?{@('NT AUTHORITY\SELF','DOMAIN\Domain Admins','DOMAIN\Administrator','DOMAIN\Exchange Servers','DOMAIN\Public Folder Management','NT AUTHORITY\SYSTEM','NT AUTHORITY\NETWORK SERVICE','DOMAIN\Delegated Setup','DOMAIN\Organization Management','DOMAIN\Exchange Trusted Subsystem','DOMAIN\Enterprise Admins'
) -notcontains $_.User}

The main component of the script is which users you wish to exclude from the results, I added all the access entries that were added by default by exchange. For me it was the following Accounts:

NT AUTHORITY\SELF
NT AUTHORITY\SYSTEM
NT AUTHORITY\NETWORK SERVICE
DOMAIN\Public Folder Management
DOMAIN\Organization Management
DOMAIN\Exchange Trusted Subsystem
DOMAIN\Exchange Servers
DOMAIN\Enterprise Admins
DOMAIN\Domain Admins
DOMAIN\Delegated Setup
DOMAIN\Administrator

You could then pipe the results to a CSV file using the Export-Csv Cmdlet

Posted by at 1 comment:

Wednesday 18 April 2012

Default Profile–Windows Server 2008R2

Today I had an issue at a clients trying to change the default profile on Windows Server 2008 R2.

I had completed all the steps required, but when i tried to copy the profile the option was greyed out
11-04-2012 11-28-24 AM

I found a program called Windows Enabler 1.1 which is available from here: Windows Enabler 1.1

Running this program as an administrator:
18-04-2012 12-16-55 PM

And clicking on the tray icon to enable it
18-04-2012 12-17-45 PM

I was then able to click the Copy To button (you may need to click a greyed out button twice)
11-04-2012 11-29-22 AM

Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)