Enterprise Vault™ Administrator's Guide
- About this guide
- Managing administrator security
- Roles-based administration
- Working with predefined RBA roles
- Customizing RBA roles
- Day-to-day administration
- About Exchange mailbox archiving reports
- About starting or stopping tasks or services
- Monitoring journal mailboxes
- About monitoring disks
- About maintaining the SQL databases
- Using SQL AlwaysOn availability groups
- About managing vault store groups and sharing
- About managing safety copies
- About managing partition rollover
- About expiry and deletion
- Working with retention categories and retention plans
- Setting up retention folders
- Enabling archiving for new mailboxes
- About moving archives
- How Move Archive works
- About moving mailbox archives within a site
- About moving mailbox archives between sites
- About configuring Move Archive
- Running Move Archive
- Monitoring Move Archive
- PowerShell cmdlets for managing archives
- Using Enterprise Vault for records management
- Setting the default record type for users
- Common configuration scenarios
- Searching archives for items marked as records
- Automatically filtering events
- Managing indexes
- About the indexing wizards
- Managing indexing exclusions
- About the indexing PowerShell cmdlets
- Advanced Domino mailbox and desktop policy settings
- Editing the advanced settings for Domino mailbox and desktop policy
- Domino mailbox policy advanced settings
- Archiving General: Domino mailbox policy
- Archiving General: Domino mailbox policy
- Domino desktop policy advanced settings
- Advanced Exchange mailbox and desktop policy settings
- Editing the advanced Exchange mailbox and desktop settings
- Exchange mailbox policy advanced settings
- Archiving General (Exchange mailbox policy advanced settings)
- Archiving General (Exchange mailbox policy advanced settings)
- Exchange desktop policy advanced settings
- Office Mail App (Exchange desktop policy advanced settings)
- Outlook (Exchange desktop policy advanced settings)
- OWA versions before 2013 (Exchange desktop policy advanced settings)
- Vault Cache (Exchange desktop policy advanced settings)
- Virtual Vault (Exchange desktop policy advanced settings)
- Advanced Exchange journal policy settings
- Archiving General (Exchange journal policy advanced settings)
- Advanced Exchange public folder policy settings
- Archiving General (Exchange public folder policy advanced settings)
- Advanced SMTP policy settings
- Site properties advanced settings
- Editing site properties advanced settings
- Site properties advanced settings
- Content Conversion (site properties advanced settings)
- File System Archiving (site properties advanced settings)
- IMAP (site properties advanced settings)
- Indexing (site properties advanced settings)
- Skype for Business (site properties advanced settings)
- SQL Server (site properties advanced settings)
- SMTP (site properties advanced settings)
- Storage (site properties advanced settings)
- Content Conversion (site properties advanced settings)
- Computer properties advanced settings
- Editing computer properties advanced settings
- Computer properties advanced settings
- Agents (computer properties advanced settings)
- IMAP (computer properties advanced settings)
- Indexing (computer properties advanced settings)
- Storage (computer properties advanced settings)
- Task properties advanced settings
- Advanced Personal Store Management properties
- Classification policy advanced settings
- Managing the Storage queue
- Automatic monitoring
- About monitoring using Enterprise Vault Operations Manager
- About monitoring using MOM
- About monitoring using SCOM
- Managing extension content providers
- Exporting archives
- Enterprise Vault message queues
- Customizations and best practice
- Mailbox archiving strategies
- Notes on archiving based on quota or age and quota
- Notes on archiving items from Exchange Server 2010 managed folders
- About performance tuning
- Mailbox archiving strategies
- Failover in a building blocks configuration
- Appendix A. Ports used by Enterprise Vault
- Appendix B. Useful SQL queries
- Appendix C. Troubleshooting
- Installation problems
- Microsoft SQL Server problems
- Server problems
- Client problems
- Problems enabling or processing mailboxes
- Problems with Vault Cache synchronization
- Identifying and resolving Vault Cache issues on the Enterprise Vault server
- Identifying and resolving Vault Cache issues on an end-user computer
- Problems with Enterprise Vault components
- Troubleshooting: All tasks and services
- Troubleshooting: Directory service
- Troubleshooting: Exchange archiving or Journaling tasks
- Troubleshooting: Storage service
- Troubleshooting: Shopping service
- Troubleshooting: Web Access application
- Troubleshooting: All tasks and services
- Techniques to aid troubleshooting
- How to modify registry settings
- About moving an Indexing service
- Appendix D. Enterprise Vault accounts and permissions
Using permissions to control access
When you install or upgrade Enterprise Vault, only the Vault Service account has access to the Administration Console. You can then use the Vault Service account to assign administrative roles as required.
An administrator in any given role has access to all Administration Console containers that are relevant to that role. For example, a Messaging Administrator has access to every Exchange Server and Domino server in the Enterprise Vault Site.
You can assign administrator permissions to grant or deny access to individual containers in the Administration Console. For example, you can grant an administrator access to a single Exchange Server computer.
You can assign permissions to grant or deny access to any of the following Administration Console containers:
A file server
An Exchange Server
A Domino Server
A SharePoint web application
An Enterprise Vault server
As soon as you modify a container's permissions, access to that container and its contents is controlled by the list you defined. The only exception to this is that the Vault Service account always has access.
For example, a Messaging Administrator who does not have access to a particular Exchange Server cannot enable mailboxes on that Exchange Server. This is because the Enable Mailbox wizard does not allow the administrator to list the mailboxes on that Exchange Server.
If you need to return to the state in which all administrators have access to a container, you must delete all entries in the administrator permissions list for that container.
To grant or deny permission to access a container
- Using the Vault Service account, start the Administration Console.
- In the Administration Console, right-click the file server, Exchange Server, SharePoint web application, or Enterprise Vault server to which you want to apply permissions and, on the shortcut menu, click Properties.
- Click the Admin Permissions tab. The list shows the specific users or groups who have been granted or denied permission to administer this computer.
- If you want to add an entry to the list, click Add and then proceed as follows:
If you are adding the first entry on the list, there is a warning that adding an entry to the list restricts access to those users with Grant access. Click OK.
In the Add Users and Groups window, add the users or groups to whom you want to grant or deny access to the container. Click OK.
The Admin Permissions list now shows the users and groups you have added, with a Grant and Deny option next to each.
- If you want to remove an entry from the list, click the entry to select it and then click Remove.
- For each user and group, select Grant to grant access to this container, or Deny to deny access to this container, as required.
- If you need to delete an entry from the list
- Click OK to close Admin Properties.
If you have removed all entries from the list there is a warning that all administrators in a role that allows access to this container now have access. Click OK.