Sometimes permissions are erroneously applied to an archive and must be removed. This might happen as a result of:
- Incorrect use of the manual permissions settings in the Vault Administration Console (VAC)
- Unexpected or undesired inheritance of permissions from Exchange
Regardless of the cause, it is necessary to identify what is causing undesired permissions to be applied, and removing all permissions can help to determine that.
Removal of permissions can be achieved via the Enterprise Vault Policy Manager (EVPM). Create the following EVPM .ini file, substituting the particular details of the environment for the italicized values.
a. Instructions on running EVPM with an .ini script file can be found here.
b. The Archive name can be copied from the Properties page of the relevant archive in the VAC
c. Edit the file in Notepad and save in UNICODE format with the extension ini.
d. Synchronizing the mailbox will reapply all Exchange inherited permissions to the archive, which can be a useful troubleshooting step after all the archive's permissions have been zapped.
e. After zapping the archive, refresh the view in the VAC to see the changes reflected in the archive's Properties page.
f. The [ArchivePermissions] section, introduced in Enterprise Vault 4.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but it is recommended to use [ArchivePermissions] in all new scripts.
g. The ArchiveName value must be one of the following:
The name of an archive
ALL (Permissions are zapped from all Journal, Shared, and Mailbox Archives in the specified Enterprise Vault Site)
ALL_JOURNAL (Permissions are zapped from all Journal Archives in the specified Enterprise Vault Site)
ALL_SHARED (Permissions are zapped from all Shared Archives in the specified Enterprise Vault Site)
ALL_MAILBOX (Permissions are zapped from all Mailbox Archives in the specified Enterprise Vault Site)