Configuring the Exclaimer Mailbox Access Service
Within Exclaimer Mail Archiver, Exchange mailbox access can be configured via Mail Archiver Settings. However, if you need to do this manually for any reason, the following steps should be completed:
- Step 1: Create a user
- Step 2: Grant rights
- Step 3: Configure the service to use credentials
These steps are detailed in the following sections. Note that these steps must be completed on your Microsoft Exchange server. This may not be the computer where Exclaimer Mail Archiver is installed.
Step 1: Create a user
There are two possible ways to create a new user - use ONE of the methods detailed below.
Use Exchange Management Console
A new user can be created by completing a Microsoft Exchange wizard:
- From Microsoft Exchange, select Recipient Configuration > Mailbox > New Mailbox.
- Set User Mailbox as the mailbox type.
Having completed this wizard, it is advisable to hide the new mailbox from the Global Address List (this ensures that people will not be able to see this user from their email clients). To do this, run the following script:
Set-Mailbox -HiddenFromAddressListsEnabled $true -Identity "### Enter The Users Identity ###"
Note that elements surrounded by '### ... ###' should be substituted with information as indicated - remove the hash (#) symbols and maintain spacing. Please also refer to additional guidelines for creating a new user below.
Use a PowerShell script
The following script can be run in the Exchange Management Shell:
New-Mailbox -Name "### Enter a username ###" -UserPrincipalName "### Enter the domain username ###" -ResetPasswordOnNextLogon $false -Database "### Enter the Mailbox Database ###"
Set-Mailbox -HiddenFromAddressListsEnabled $true -Identity "### Enter The Users Identity ###"
This script will create the user and hide the new mailbox from the Global Address List. Please also refer to additional guidelines for creating a new user below.
Note that elements surrounded by '### ... ###' should be substituted with information as indicated - remove the hash (#) symbols and maintain spacing.
Additional guidelines for creating a new user
The following guidelines should be considered when creating a new user using either of the methods described above:
- The user should have no password expiration policy (i.e. the password should never expire).
- The user should NOT be a member of Domain Admins or Enterprise Admins groups, since they are explicitly denied access to Exchange mailboxes by default Exchange settings.
- The user should have LogonAsService rights (these will be granted if necessary during step 3).
- Care should be taken when creating this user because it will have full access to email for all users on the Exchange server.
Step 2: Grant rights
PowerShell scripts are provided below to grant rights. If you have a mixed environment which includes both Exchange 2007 and Exchange 2010 (and above) machines, the appropriate script should be run on one of each type. In other words, the Exchange 2007 script should be run on Exchange 2007 and the Exchange 2010 script should be run on Exchange 2010 (and above).
If you have added a new Exchange 2007 server or new Exchange 2007 database to the existing infrastructure, the script will need to be run again to grant necessary rights to new servers or databases (the same applies to Exchange 2010 and above).
Exchange 2007
If you are using Exchange 2007, use the Grant Exchange Rights script below:
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $true} | where {$_.IsValid -eq $true} | where {$_.IsExchange2007OrLater -eq $true} | where { $_.AdminDisplayVersion.Major -eq 8 } | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity "### Enter The Users Identity ###" | select-object).identity -accessRights GenericRead, GenericWrite -extendedRights Send-As, Receive-As, ms-Exch-Store-Admin, ms-Exch-EPI-Impersonation -InheritanceType All }
Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User (Get-User -Identity "### Enter The Users Identity ###" | select-object).identity -ExtendedRights ms-Exch-EPI-May-Impersonate}
Get-MailboxDatabase | Add-ADPermission -User '### Enter The Users Identity ###' -AccessRights GenericAll -InheritanceType All
Note that elements surrounded by '### ... ###' should be substituted with information as indicated - remove the hash (#) symbols and maintain spacing.
Exchange 2010 (and above)
If you are using Exchange 2010 (and above), use the Grant Exchange Rights script below:
$ExchangeServer = Get-ExchangeServer | where {$_.IsClientAccessServer -eq $true} | where {$_.IsValid -eq $true} | where {$_.IsExchange2007OrLater -eq $true} | where { $_.AdminDisplayVersion.Major -ge 14 }
$ExchangeServer | ForEach-Object { New-ManagementRoleAssignment -Role ApplicationImpersonation -User (Get-User -Identity "### Enter The Users Identity ###" | select-object).identity }
Get-MailboxDatabase | Add-ADPermission -User '### Enter The Users Identity ###' -AccessRights GenericAll -InheritanceType All
Note that elements surrounded by '### ... ###' should be substituted with information as indicated - remove the hash (#) symbols and maintain spacing.
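A read-only check of what Step 2 granted, for Exchange 2010 and above. This is an added example, not one of Exclaimer's scripts; it reuses the identity placeholder from the scripts above, and the variable names are chosen for this example. It also lists mailbox databases that carry no entry for the account, which is the case where the grant script has to be run again.

```powershell
# Added example (not Exclaimer's code): read-only audit of the rights from Step 2.
# Run in the Exchange Management Shell on Exchange 2010 or later.
$Identity = "### Enter The Users Identity ###"   # same placeholder as the scripts above
$user = Get-User -Identity $Identity

# 1. ApplicationImpersonation assignments that apply to the account, with their scope.
$roles = @(Get-ManagementRoleAssignment -Role ApplicationImpersonation -RoleAssignee $user.Identity)
$roles | Format-Table Name, RoleAssigneeName, CustomRecipientWriteScope, Enabled -AutoSize

# 2. Allow entries for the account on every mailbox database.
$databases = @(Get-MailboxDatabase)
$aces = @($databases | ForEach-Object {
    $db = $_
    Get-ADPermission -Identity $db.DistinguishedName -User $user.Identity |
        Where-Object { -not $_.Deny } |
        Select-Object @{ Name = 'Database'; Expression = { $db.Name } },
                      AccessRights, ExtendedRights, IsInherited
})
$aces | Format-Table -AutoSize

# 3. Databases with no entry at all, e.g. ones added after the grant script last ran.
$covered = @($aces | ForEach-Object { $_.Database })
$missing = @($databases | Where-Object { $covered -notcontains $_.Name })

# Summary lines for a change record or periodic review.
"Impersonation assignments : {0}" -f $roles.Count
"Databases with an entry   : {0} of {1}" -f @($covered | Sort-Object -Unique).Count, $databases.Count
if ($missing.Count -gt 0) {
    "No rights found on: " + (($missing | ForEach-Object { $_.Name }) -join ', ')
}
```

Keeping the output with the change record gives a baseline to compare against when the account's rights are reviewed later.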
Step 3: Configure the service to use credentials
There are two possible ways to configure the service to use new credentials - use ONE of the methods described below.
Use the services applet
- Access the Services applet (Control Panel > Administrative Tools > Services).
- Locate the Exclaimer Mail Archiver Exchange Access service.
- Right click on this service and select Properties.
- Select the Log On tab.
- Click the Browse button and locate the user created in step 1.
- Type the user's password and click OK to complete the process.
- Ensure that the service starts with the new user's credentials and that its startup type is set to Automatic.
Use a PowerShell script
The following script can be run in the Exchange Management Shell.
Exchange 2007
If you are using Exchange 2007, use the Set Service Rights script below:
Get-WMIObject Win32_Service | where { $_.Name -eq "Exclaimer Mail Archiver Exchange Access Service"} | ForEach-Object { $_.Change($null, $null, $null, $null, "Automatic", $null, "### Enter the domain username ###", "password") }
Restart-Service "Exclaimer Mail Archiver Exchange Access Service"
Note that elements surrounded by '### ... ###' should be substituted with information as indicated - remove the hash (#) symbols and maintain spacing. Also note that the instance of password should be replaced with the appropriate password for the user account (keep the quotation marks around it).
Exchange 2010 (and above)
If you are using Exchange 2010 (and above), use the Set Service Rights script below:
Get-WMIObject Win32_Service | where { $_.Name -eq "Exclaimer Mail Archiver Exchange Access Service"} | ForEach-Object { $_.Change($null, $null, $null, $null, "Automatic", $null, "### Enter The Users Identity ###", "password") }
Restart-Service "Exclaimer Mail Archiver Exchange Access Service"
Note that elements surrounded by '### ... ###' should be substituted with information as indicated - remove the hash (#) symbols and maintain spacing. Also note that the instance of password should be replaced with the appropriate password for the user account (keep the quotation marks around it).
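A variant of the Set Service Rights script that prompts for the account instead of holding the password in the script text, checks the result of the change, and then confirms which account the service runs under. This is an added example, not one of Exclaimer's scripts; the service name is the one used by the scripts above and the variable names are chosen for this example.

```powershell
# Added example (not Exclaimer's code): set the service logon account from a prompt,
# so the password is not stored in a script file or typed on the command line.
$ServiceName = "Exclaimer Mail Archiver Exchange Access Service"   # name used by the scripts above

# Prompts for the account created in Step 1 (DOMAIN\user) and its password.
$cred = Get-Credential

$svc = Get-WmiObject Win32_Service | Where-Object { $_.Name -eq $ServiceName }
if (-not $svc) { throw "Service '$ServiceName' was not found on this computer." }

# Argument order of Win32_Service.Change:
#   DisplayName, PathName, ServiceType, ErrorControl, StartMode,
#   DesktopInteract, StartName, StartPassword
$result = $svc.Change($null, $null, $null, $null, "Automatic", $null, $cred.UserName, $cred.GetNetworkCredential().Password)

# A ReturnValue of 0 means the change was accepted; anything else is a failure
# that the one-line form of the script would pass over silently.
if ($result.ReturnValue -ne 0) {
    throw "Win32_Service.Change failed with return value $($result.ReturnValue)."
}

# If the restart fails with a logon error, check the password and that the account
# holds the LogonAsService right listed in the guidelines for Step 1.
Restart-Service $ServiceName

# Re-read the service and show the account, startup type and state now in effect.
Get-WmiObject Win32_Service |
    Where-Object { $_.Name -eq $ServiceName } |
    Select-Object Name, StartName, StartMode, State
```

In the final output, StartName should be the account from Step 1, StartMode should read Auto, and State should read Running.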