Microsoft KB Archive/327174

= Full mailbox access permission grants the Send as permission, or the Send as permission is denied =

PSS ID Number: 327174

Article Last Modified on 12/8/2003

-

The information in this article applies to:


 * Microsoft Exchange 2000 Server SP2
 * Microsoft Exchange 2000 Server SP3

-



This article was previously published under Q327174





SYMPTOMS
You may experience one of the following symptoms.

Symptom 1
When you grant the Full mailbox access permission to a user, the user can send messages as if they originated from you. This problem occurs even when you specifically denied that user the Send as permission.

Symptom 2
When you try to forward an old e-mail message, when you try to reply to an old e-mail message, or when you try to send a new e-mail message, you receive the following error message:

You do not have the permission to send the message on behalf of the specified user.



CAUSE
Symptom 1 may occur after you install Microsoft Exchange 2000 Server Service Pack 2. Exchange 2000 Service Pack 2 introduced a change to the Full mailbox access permission so that users who have this permission can send mail as another user even if the Send as permission is denied. The Full mailbox access permission is only meant to grant Read access permission to the user. This problem was corrected in the March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup.

Symptom 2 may occur after you install the March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup or the September 2003 Exchange 2000 Server Post-Service Pack 3 Rollup. Exchange 2000 Server Service Pack 2 changed the behavior of the Full mailbox access permission, and this change was not corrected in Exchange Service Pack 3. Therefore, when you apply the March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup or the September 2003 Exchange 2000 Server Post-Service Pack 3 Rollup, your Exchange Server may not perform as expected. You may not be able to send, to reply, or to forward mail as another person.

Note The March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup has been updated to the September 2003 Exchange 2000 Server Post-Service Pack 3 Rollup.



RESOLUTION
To resolve these problems, install the September 2003 Exchange 2000 Server Post-Service Pack 3 (SP3) Rollup if you have not already done so, and then grant the Send As permission to the users who you want to have the Send As permission.

September 2003 Exchange 2000 Server Post-Service Pack 3 (SP3) Rollup
For additional information about the September 2003 Exchange 2000 Server Post-Service Pack 3 Rollup, click the following article number to view the article in the Microsoft Knowledge Base:

824282 September 2003 Exchange 2000 Server Post-Service Pack 3 Rollup

Prerequisites
If you have Microsoft Exchange 2000 Server Service Pack 2 installed on your Exchange computer, you must install Microsoft Exchange 2000 Server Service Pack 3 before you can install the September 2003 Exchange 2000 Server Post-Service Pack 3 Rollup. For information about how to obtain Exchange 2000 Server Service Pack 3 (SP3), visit the following Microsoft Web site:

http://www.microsoft.com/exchange/downloads/2000/sp3/default.asp

Use the Active Directory Users and Computers Snap-in to Grant a User Send As Permission
To grant the Send As permission to a user, follow these steps:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
 * 2) Click View, and then click to select Advanced Features.
 * 3) Expand Users, right-click the   object where you want to grant the permission, and then click Properties.
 * 4) Click the Security tab, and then click Advanced.
 * 5) In the Access Control Settings for   dialog box, click Add.
 * 6) In the Select User, Computer, or Group dialog box, click the user account or the group that you want to grant Send As permissions to, and then click OK.
 * 7) In the Permission Entry for   dialog box, click User objects in the Apply onto list.
 * 8) In the Permissions list, locate Send As, and then click to select the Allow check box.
 * 9) Click OK three times to close the dialog boxes.

The setting takes effect after replication has occurred and after the mailbox store cache has flushed. To make the setting take effect immediately, stop and then restart the mailbox store.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section of this article.



MORE INFORMATION
For additional information about how to grant full access permission to a mailbox, click the following article number to view the article in the Microsoft Knowledge Base:

268754 How to Assign Users or Groups Full Access to Other User Mailboxes

For additional information about how to assign the Send on Behalf permission, click the following article number to view the article in the Microsoft Knowledge Base:

327000 HOW TO: Grant &quot;Send As&quot; and &quot;Send on Behalf&quot; Permissions in Exchange 2000 Server

Additional query words: kbExchange2000preSP4mdbFix kbExchange2000preSP4marchbarFix XADM

Keywords: kbExchange2000preSP4fix kbbug kbenv kbfix kbQFE KB327174

Technology: kbExchange2000Search kbExchange2000ServSearch kbExchange2000ServSP2 kbExchange2000ServSP3 kbExchangeSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.