This is what I did:

    If Not flag Then 'SELF is not found
        Set ace = CreateObject ("AccessControlEntry")
        ace.Trustee = "SELF"
        ace.AccessMask = RIGHT_DS_SEND_AS Or RIGHT_DS_READ Or RIGHT_DS_TAKE_OWNERSHIP Or RIGHT_DS_MAILBOX_OWNER
        ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
        ace.AceFlags = ADS_ACEFLAG_INHERIT_ACE
        dacl.AddAce ace

        'set back information
        oSecurityDescriptor.DiscretionaryAcl = dacl
        UserObject.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
        UserObject.SetInfo
        WScript.Echo "Done"
    End If

Situation:
If I run the script again for same user it shows that "SELF" is added.

Problem:
If I go thru GUI, "SELF" is not shown for the user.

Any suggestion/help is appreciated.

Thanks.
--
Tyampoo

What exactly is it you're trying to do? SELF is a sort of programmatic shortcut. A placeholder, as it were, that is placed on a mail enabled object when it's created. After the first access, permissions are propagated and it gets replaced by the actual user object. I don't understand why you would want to stick self back on mailboxes that have already been instanced.

"Tyampoo" wrote in message news:EA34FA91-64FB-4562-9CD5-9B1964796E5F@microsoft.com...
> This is what I did:
> If Not flag Then 'SELF is not found
>     Set ace = CreateObject ("AccessControlEntry")
>     ace.Trustee = "SELF"
>     ace.AccessMask = RIGHT_DS_SEND_AS Or RIGHT_DS_READ Or RIGHT_DS_TAKE_OWNERSHIP Or RIGHT_DS_MAILBOX_OWNER
>     ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
>     ace.AceFlags = ADS_ACEFLAG_INHERIT_ACE
>     dacl.AddAce ace
>
>     'set back information
>     oSecurityDescriptor.DiscretionaryAcl = dacl
>     UserObject.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
>     UserObject.SetInfo
>     WScript.Echo "Done"
> End If
>
> Situation:
> If I run the script again for same user it shows that "SELF" is added.
>
> Problem:
> If I go thru GUI, "SELF" is not shown for the user.
>
> Any suggestion/help is appreciated.
>
> Thanks.
> --
> Tyampoo

For some reason, for some user there ain't SELF so I have to check that it is present and set AccessMask to 131079. I also tried to put "NT AUTHORITY\SELF"; if I check programmatically it shows but it does not show in GUI.
--
Tyampoo

"John Fullbright" wrote:
> What exactly is it you're trying to do? SELF is a sort of programmatic
> shortcut. A placeholder, as it were, that is placed on a mail enabled object
> when it's created. After the first access, permissions are propagated and
> it gets replaced by the actual user object. I don't understand why you
> would want to stick self back on mailboxes that have already been instanced.

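A read-only way to see what the attribute discussed above actually holds, as an added example that is not code from any poster in this thread: it lists every ACE in `msExchMailboxSecurityDescriptor` with its decoded rights and prints the decoding of both the mask built in the first post and the value 131079. The bit values of the `RIGHT_DS_*` constants are assumed from Microsoft's Exchange 2000/2003 mailbox-rights samples (the thread does not give them), and `USER_DN`, `DecodeMask` and `IsSelf` are hypothetical names.

```vbscript
Option Explicit
' Added example: read-only audit of msExchMailboxSecurityDescriptor.
' Assumed values: mailbox-right bits as listed in Microsoft's Exchange 2000/2003
' mailbox-rights samples; they are not given in the thread.
Const RIGHT_DS_MAILBOX_OWNER = &H1
Const RIGHT_DS_SEND_AS = &H2
Const RIGHT_DS_PRIMARY_OWNER = &H4
Const RIGHT_DS_DELETE = &H10000
Const RIGHT_DS_READ = &H20000
Const RIGHT_DS_CHANGE = &H40000
Const RIGHT_DS_TAKE_OWNERSHIP = &H80000
Const SELF_MASK_FROM_THREAD = 131079   ' value quoted in the thread
' Placeholder DN (constructed); replace with the mailbox user to audit.
Const USER_DN = "CN=Example User,OU=Staff,DC=example,DC=com"

' Turn an access mask into the names of the mailbox rights it contains.
Function DecodeMask(mask)
    Dim names, bits, i, known, out
    names = Array("MAILBOX_OWNER", "SEND_AS", "PRIMARY_OWNER", "DELETE", _
                  "READ", "CHANGE", "TAKE_OWNERSHIP")
    bits = Array(RIGHT_DS_MAILBOX_OWNER, RIGHT_DS_SEND_AS, RIGHT_DS_PRIMARY_OWNER, _
                 RIGHT_DS_DELETE, RIGHT_DS_READ, RIGHT_DS_CHANGE, RIGHT_DS_TAKE_OWNERSHIP)
    known = 0 : out = ""
    For i = 0 To UBound(bits)
        If (mask And bits(i)) <> 0 Then
            out = out & names(i) & " "
            known = known Or bits(i)
        End If
    Next
    ' Report any bits that are not in the table above instead of hiding them.
    If (mask And Not known) <> 0 Then out = out & "other=0x" & Hex(mask And Not known)
    DecodeMask = Trim(out)
End Function

' The thread uses both spellings of the trustee name.
Function IsSelf(trustee)
    IsSelf = (UCase(trustee) = "SELF" Or UCase(trustee) = "NT AUTHORITY\SELF")
End Function

Dim user, sd, ace, scriptMask
scriptMask = RIGHT_DS_SEND_AS Or RIGHT_DS_READ Or RIGHT_DS_TAKE_OWNERSHIP Or RIGHT_DS_MAILBOX_OWNER
WScript.Echo "Mask built in the first post: " & scriptMask & " = " & DecodeMask(scriptMask)
WScript.Echo "Mask 131079 decodes to: " & DecodeMask(SELF_MASK_FROM_THREAD)

Set user = GetObject("LDAP://" & USER_DN)
Set sd = user.Get("msExchMailboxSecurityDescriptor")
For Each ace In sd.DiscretionaryAcl
    WScript.Echo ace.Trustee & "  type=" & ace.AceType & "  flags=0x" & Hex(ace.AceFlags) & _
                 "  mask=" & ace.AccessMask & "  [" & DecodeMask(ace.AccessMask) & "]"
    If IsSelf(ace.Trustee) And ace.AccessMask <> SELF_MASK_FROM_THREAD Then
        WScript.Echo "  -> SELF entry differs from 131079"
    End If
Next
```

Run it with `cscript` under an account that can read the user object; it writes nothing back to the directory.
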
"For some reason, for some user there ain't SELF"

http://support.microsoft.com/kb/272153/en-us
http://support.microsoft.com/kb/304935/en-us

1. It's not a problem as long as the actual security descriptor for the user has rights.
2. The process you are attempting to use only works if you set the attribute before the mailbox is created.

"Tyampoo" wrote in message news:8A7B0794-C875-4C2A-9C81-7C4550F9321D@microsoft.com...
> For some reason, for some user there ain't SELF so I have to check that it
> is present and set AccessMask to 131079. I also tried to put "NT
> AUTHORITY\SELF"; if I check programmatically it shows but it does not show
> in GUI.
> --
> Tyampoo