Unsolved
This post is more than 5 years old
2 Posts
0
588
August 20th, 2007 13:00
Least permissions required
The company I work for needs to verify and check our application layout of archiving email within our environment. Within your documentation it states:
####################
On the mail server, create an email account and (if you are using
Microsoft Exchange) a MAPI profile for use on the mail client you
will install on the EmailXtender server. The account is used to
communicate with the mail server and should be an
administrative account with full Domain Administrator,
Exchange Administrator, and Service Account Administrator
permissions.
###################
In our environment this will not be allowed to have a service account with both full domain administrator and Exchange Administrator. This is strictly not allowed.
Currently we are using MailXtender 4.2 and will describe the setup that we are using for 4.2.
If we want to archive a user we move them to a specific exchange server and a specfic database within that server. On that database all mail is archived to a account called " CC Xtender". This email account has only membership to the domain users.
On the MailXtender server and account is created at the domain level called "cesaxtender". This account is a member of the domain users only. But it also has the following permissions on the "CC Xtender" mailbox.
¿ List Contents
¿ Read all properties
¿ Write all properties
¿ Read permissions
¿ Send As permissions
Please note that "cesaxtender" run and controls the services on the MailXtender server. Cesaxtender account is a member of the administrator group on the MailXtender server.
Can we use the same setup once we build a new MailXtender server using the latest version?
####################
On the mail server, create an email account and (if you are using
Microsoft Exchange) a MAPI profile for use on the mail client you
will install on the EmailXtender server. The account is used to
communicate with the mail server and should be an
administrative account with full Domain Administrator,
Exchange Administrator, and Service Account Administrator
permissions.
###################
In our environment this will not be allowed to have a service account with both full domain administrator and Exchange Administrator. This is strictly not allowed.
Currently we are using MailXtender 4.2 and will describe the setup that we are using for 4.2.
If we want to archive a user we move them to a specific exchange server and a specfic database within that server. On that database all mail is archived to a account called " CC Xtender". This email account has only membership to the domain users.
On the MailXtender server and account is created at the domain level called "cesaxtender". This account is a member of the domain users only. But it also has the following permissions on the "CC Xtender" mailbox.
¿ List Contents
¿ Read all properties
¿ Write all properties
¿ Read permissions
¿ Send As permissions
Please note that "cesaxtender" run and controls the services on the MailXtender server. Cesaxtender account is a member of the administrator group on the MailXtender server.
Can we use the same setup once we build a new MailXtender server using the latest version?
No Events found!