Sometimes permissions are erroneously applied to an archive and must be removed. This might happen as a result of:
- Incorrect use of the manual permissions settings in the Vault Administration Console (VAC)
- Unexpected or undesired inheritance of permissions from Exchange
Regardless of the cause, it is necessary to identify what is causing undesired permissions to be applied, and removing all permissions can help to determine that.
Removal of permissions can be achieved via the Enterprise Vault Policy Manager (EVPM). Create the following EVPM .ini file, substituting the particular details of the environment for the italicized values.
a. More details about running EVPM with an .ini script file can be found in articles 000102129 and 000029048
b. The Archive name can be copied from the Properties page of the relevant archive in the VAC
c. Edit the file in Notepad and save in UNICODE format with the extension ini.
d. Synchronizing the mailbox will reapply all Exchange inherited permissions to the archive, which can be a useful troubleshooting step after all the archive's permissions have been zapped.
e. After zapping the archive, refresh the view in the VAC to see the changes reflected in the archive's Properties page.
f. The [ArchivePermissions] section, introduced in Enterprise Vault 4.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but it is recommended to use [ArchivePermissions] in all new scripts.
g. The ArchiveName value must be one of the following:
The name of an archive
ALL (Permissions are zapped from all Journal, Shared, and Mailbox Archives in the specified Enterprise Vault Site)
ALL_JOURNAL (Permissions are zapped from all Journal Archives in the specified Enterprise Vault Site)
ALL_SHARED (Permissions are zapped from all Shared Archives in the specified Enterprise Vault Site)
ALL_MAILBOX (Permissions are zapped from all Mailbox Archives in the specified Enterprise Vault Site)
NOTE: Removing all permissions from an archive can result in certain folders no longer being visible in Archive Explorer or Enterprise Vault Search. This can occur if a folder exists within an archive but does not exist within Exchange and therefore once permissions are removed these cannot be synchronized from Exchange and remain without permissions for the user. Permissions can be viewed and checked via Permissions browser. See Technote 1934222.