How to remove all permissions from an archive using Enterprise Vault Policy Manager (EVPM)

How to remove all permissions from an archive using Enterprise Vault Policy Manager (EVPM)

  • Article ID:100017306
  • Last Published:
  • Product(s):Enterprise Vault


Sometimes permissions are erroneously applied to an archive and must be removed. This might happen as a result of:

- Incorrect use of the manual permissions settings in the Vault Administration Console (VAC)

- Unexpected or undesired inheritance of permissions from Exchange

Regardless of the cause, it is necessary to identify what is causing undesired permissions to be applied, and removing all permissions can help to determine that.


Removal of permissions can be achieved via the Enterprise Vault Policy Manager (EVPM). Create the following EVPM .ini file, substituting the particular details of the environment for the italicized values.


ArchiveName=John Doe

   a. More details about running EVPM with an .ini script file can be found in articles About Policy Manager and 000029048
   b. The Archive name can be copied from the Properties page of the relevant archive in the VAC
   c. Edit the file in Notepad and save in UNICODE format with the extension ini.
   d. Synchronizing the mailbox will reapply all Exchange inherited permissions to the archive, which can be a useful troubleshooting step after all the archive's permissions have been zapped.
   e. After zapping the archive, refresh the view in the VAC to see the changes reflected in the archive's Properties page.
   f. The [ArchivePermissions] section, introduced in Enterprise Vault 4.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but it is recommended to use [ArchivePermissions] in all new scripts.
   g. The ArchiveName value must be one of the following:

  • The name of an archive

  • An ArchiveID

  • ALL (Permissions are zapped from all Journal, Shared, and Mailbox Archives in the specified Enterprise Vault Site)

  • ALL_JOURNAL (Permissions are zapped from all Journal Archives in the specified Enterprise Vault Site)

  • ALL_SHARED (Permissions are zapped from all Shared Archives in the specified Enterprise Vault Site)

  • ALL_MAILBOX (Permissions are zapped from all Mailbox Archives in the specified Enterprise Vault Site)

    Note: Removing all permissions from an archive can result in certain folders no longer being visible in Archive Explorer or Enterprise Vault Search.  This can occur if a folder exists within an archive but does not exist within Exchange and therefore once permissions are removed these cannot be synchronized from Exchange and remain without permissions for the user.  Permissions can be viewed and checked via Permissions browser. See About the Permissions Browser in Enterprise Vault

Related Articles

What is the process if a mailbox that was Enterprise Vault (EV) enabled is no longer used or deleted?

Folders not showing within Archive Explorer

How to remove (ZAP) Enterprise Vault (EV) properties from Archive-Enabled Exchange mailboxes

How to use Enterprise Vault Policy Manager (EVPM) to enable archiving for a group of users

Was this content helpful?