Symprex Email Signature Manager, v7.2.3

Permissions for the Service Account on Exchange Server 2007

Permissions requirements for the service account on Exchange Server 2007 are:

 

Receive-As (mailbox server and mailbox database)

Impersonation (client access server)

May Impersonate (mailbox database)

 

To assign the service account the required permissions at the Exchange Server level, follow these steps:

 

1.Open the Exchange Management Shell and connect to Exchange Server.
 

2.Type the following line, and then press ENTER:
 
Get-MailboxServer <Server> | Add-ADPermission -User <Account> -AccessRights GenericRead, GenericWrite -ExtendedRights Receive-As
 
where <Server> is the name of the Exchange Server with the Mailbox role installed and <Account> is the name of the service account to which the permissions will be assigned.  If <Server> is omitted, the rights will be assigned to all servers in your organization.

 

3.Type the following line, and then press ENTER:
 
Get-ClientAccessServer <Server> | Add-ADPermission -User <Account> -AccessRights GenericRead, GenericWrite -ExtendedRights ms-Exch-EPI-Impersonation
 
where <Server> is the name of the Exchange Server with the Client Access role installed and <Account> is the name of the service account to which the permissions will be assigned. If <Server> is omitted, the rights will be assigned to all servers in your organization.

 

4.Type the following line, and then press ENTER:
 
Get-MailboxDatabase <MailboxDatabase> | Add-ADPermission -User <Account> -AccessRights GenericRead, GenericWrite -ExtendedRights Receive-As, ms-Exch-EPI-May-Impersonate
 
where <MailboxDatabase> is the name of the mailbox database and <Account> is the name of the service account to which the permissions will be assigned. If <MailboxDatabase> is omitted, the rights will be assigned to all databases in your organization.

 

Note The service account must be a member of the Domain Users group only. Membership of the Domain Admins group or any of the built-in Exchange security groups will deny required permissions.

 

In addition, the service account must be granted the Logon As A Service right on the computer where the Email Signature Manager Service is installed, which can be accomplished using the following steps:

 

1.Open Control Panel > Administrative Tools > Local Security Policy.

2.Open Security Settings > Local Policies > User Rights Assignment.

3.In the list of policies, open the Logon as a Service right.

4.Add the service account to the policy and the OK button to save the changes.

 


Copyright © 2016 Symprex Limited. All Rights Reserved.