Hi to all..My configuration: 1 AD Windows Server 2008 Std. & 1 Exchange 2007 on Windows Server 2008 (AD roles also installed for tests..)After setting up some users and start working for tests i found out that ANY user can send as ANY user from Global Address list without setting any permissions on Send As permissions tab...I also have a policy that uses the first and last name for reply address and not the default domain..(Secondary accepted domain is set..)Any help is appreciatedThank youP.S. This setup has a problem from the beginning: same SID on both devices due to image OS setup.. i am just trying to get it work right till i find a solution for transfering the data from one setup to another...

Hi,When you remove send-as permission from a user isthat user still can send as any user from global address list ?MCSE,CCNA,VCP,APP

thanks for your reply, unfortunately yes!..

Is anyone monitoring this forum? I have the exact same problem. Right now, I'm the only one that knows about it but, if others find out, there's going to be a big to-do & I'd like to avoid it. In my company we have 2 different domains from which a couple of users will need to be able to send messages from. I set up the server by creating new mailboxes using the second domain as the primary e-mail address then giving Send As permissions to the first domain mailboxes. When I went to test, I could see all the mailboxes in our organization &, YES, I could pick any one of them & send a message as that person. I checked the Manage Full Access Permissions for each user in the company &, according to that, each user only has permission to send as him/herself. There has to be something going on that's allowing us to be able to send as anyone we please within our company. Does anyone have any suggestions on how this can be fixed?

Hi, From my expernice with exchange 2007, to prevent uses sned as others kindly make sure the normal users except (IT Administrator/ Exchange Administrator) make sure they are not member of any Administrator Groups i.e. below groups via Active Direcotry:- Exchange Organization Administrators- Microsoft Exchange Security GroupsIf the users members of these group he/she might able to send on behalf of others. In addition, make sure he/she does not have send as permission.I hope this will help you 'GSfakianakis' and 'Lursa'

Thank you so much for your super speedy response. I've just double checked everyone's 'Member Of' settings &, am sorry to say, no one is a member of Exchange Organization Administrators or Exchange Security Groups that isn't supposed to be. So the problem still exists. Are there any other settings that could be allowing this permission to everyone? Thanks.

So is there no solution to this issue? Is it a glitch in the program? Anyone? I'm in desperate need of a fix or work around for this issue; use of Exchange within our company depends on being able to send from 2 different domains but not as each other. If it can't be fixed, we might have to re-think our migration. Thanks.

I think I may have found something but don't know if I'm reading the results properly. I used the Management Shell to list users that had Full Access mailbox rights & several of my users were listed multiple times. In some of the instances the Deny value was set to True which I take to mean that the right is denied. But in other cases the Deny value was set to False which I take to mean that the right is not denied. If I use the EMS to change the Deny value to True, will that deny Full Access to that user? The data also lists a User & an Identity. The user is listed as something like ServerName\Exchange Servers or ServerName\Exchange Org. Admins. & the Identity is listed as my.domain.com/Users/User Name. This is what confuses me; does this information mean that the user is a member of the group listed? If so, why wouldn't the user show up on the Members tab of that Group? If I set the Full Access value to Deny, should I also change the membership of the user to disallow membership in those Groups? Or, quite possibly, does the information given by the EMS not mean anything at all in relation to Send As permissions? Any help with this is greatly appreciated. Thanks.