Problem
Sometimes permissions are erroneously applied to an archive and must be removed. This might happen as a result of:
- Incorrect use of the manual permissions settings in the Vault Administration Console (VAC)
- Unexpected or undesired inheritance of permissions from Exchange
Regardless of the cause, it is necessary to identify what is causing undesired permissions to be applied, and removing all permissions can help to troubleshoot the issue.
Solution
In EV 12.4 a PowerShell cmdlet was introduced to remove manually set permissions from archives.
https://www.veritas.com/support/en_US/doc/96069939-127965758-0/v133190397-127965758
Or for versions prior to 12.4 EVPM can be used.
Removal of permissions can be achieved via the Enterprise Vault Policy Manager (EVPM). Create the following EVPM .ini file, substituting the particular details of the environment for the italicized values.[Directory]
DirectoryComputerName=kvsvault
SiteName=archivesite
[ArchivePermissions]
ArchiveName=John Doe
Zap=True
Notes:
a. More details about running EVPM with an .ini script file can be found in articles About Policy Manager and 100016891
b. The Archive name can be copied from the Properties page of the relevant archive in the VAC
c. Edit the file in Notepad and save in UNICODE format with the extension ini.
d. Synchronizing the mailbox will reapply all Exchange inherited permissions to the archive, which can be a useful troubleshooting step after all the archive's permissions have been zapped.
e. After zapping the archive, refresh the view in the VAC to see the changes reflected in the archive's Properties page.
f. The [ArchivePermissions] section, introduced in Enterprise Vault 14.1, replaces the earlier [VaultPermissions] section. Existing scripts containing a [VaultPermissions] section will still work, but it is recommended to use [ArchivePermissions] in all new scripts.
g. The ArchiveName value must be one of the following:
The name of an archive
An ArchiveID (Found on the Advanced tab of the Archive Properties)
ALL (Permissions are zapped from all Journal, Shared, and Mailbox Archives in the specified Enterprise Vault Site)
ALL_JOURNAL (Permissions are zapped from all Journal Archives in the specified Enterprise Vault Site)
ALL_SHARED (Permissions are zapped from all Shared Archives in the specified Enterprise Vault Site)
ALL_MAILBOX (Permissions are zapped from all Mailbox Archives in the specified Enterprise Vault Site)
Note: Removing all permissions from an archive can result in certain folders no longer being visible in Enterprise Vault Search. This can occur if a folder exists within an archive but does not exist within Exchange and therefore once permissions are removed these cannot be synchronized from Exchange and remain without permissions for the user. Permissions can be viewed and checked via Permissions browser. See About the Permissions Browser in Enterprise Vault
Related Knowledge Base Articles
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.