Somehow I have managed to give all domain users access to all mail boxes. I need to undo this. If I remove domain users from the manage full access permission in the GUI, the user gets "unable to open your default e-mail folders. you do not have permission to logon." We were attempting to allow users to access a common mail box.

which version of exchange ? where have you given the rights on the DB level. There may be inheritance which you have to deal with.

It's Exchange 2007... I have looked in the full access gui, and i do see domain users in there, and if i remove that, the users can not even access their own mailboxes. Thanks, Bryan

On Fri, 22 Oct 2010 17:09:01 +0000, Bryan Thorell wrote: >Somehow I have managed to give all domain users access to all mail boxes. I need to undo this. If I remove domain users from the manage full access permission in the GUI, the user gets "unable to open your default e-mail folders. you do not have permission to logon." Assuming you haven't modfied each mailbox individually, you've probably given some group (Everyone, Authenticated Users, Domain Users, etc.) the "Receive As" permission somewhere in the configuration container of the AD. You can use ADSIEDIT to find where you've done this. Start at the user and see if the "Receive As" permission is inherited by some group. Then work your way up the Exchange hierarchy starting at the mailbox database, looking for where you've assigned that permission If, for example, you've given the Everyone group this access, siply remove the access. Don't remove the Everyone group, and certainly don't *deny* that group access! >We were attempting to allow users to access a common mail box. You only have to modify the single mailbox for that. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Fri, 22 Oct 2010 21:40:12 +0000, Bryan Thorell wrote: > > >It's Exchange 2007... I have looked in the full access gui, and i do see domain users in there, and if i remove that, the users can not even access their own mailboxes. What the "full access gui"? Do you mean when you select the mailbox and click "Manage Full Access Permission..." in the Actionpane, or right-click the mailbox and select "Manage Full Access Permission..." from the context menu? The "Domain Users" group shouldn't be in there. You should have the "Exchange Domain Servers" group, and the "SELF" user in the list. It sounds like you've been messing with permissions in ways that you shouldn't be. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP