DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2549289 - Last Review: October 28, 2011 - Revision: 1.0

SYMPTOMS

Consider the following scenario:
  • You create a management role assignment in a Microsoft Exchange Server 2010 environment.
  • You assign the Mail Recipients role to a role assignee.
  • You define the scope of the role assignment to an organizational unit.
  • The role assignee tries to run the Add-MailboxPermission command or the Remove-MailboxPermission command on an Exchange Server 2010 server that is outside the role assignment scope.
In this scenario, the role assignee can unexpectedly run the Add-MailboxPermission command or the Remove-MailboxPermission command on the server.

CAUSE

This issue occurs because there is no Role Based Access Control (RBAC) verification when Exchange Server 2010 runs the Add-MailboxPermission command or the Remove-MailboxPermission command.

RESOLUTION

To resolve this issue, install the following update rollup:
2608646  (http://support.microsoft.com/kb/2608646/ ) Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about the Add-MailboxPermission command, visit the following Microsoft website:
General information about the Add-MailboxPermission command (http://technet.microsoft.com/en-us/library/bb124097.aspx)
For more information about the Remove-MailboxPermission command, visit the following Microsoft website:
General information about the Remove-MailboxPermission command (http://technet.microsoft.com/en-us/library/bb125153.aspx)
For more information about the New-ManagementRoleAssignment command, visit the following Microsoft website:
General information about the New-ManagementRoleAssignment command (http://technet.microsoft.com/en-us/library/dd335193.aspx)
For more information about management role assignments, visit the following Microsoft website:
General information about management role assignments (http://technet.microsoft.com/en-us/library/dd335131.aspx)

APPLIES TO
  • Microsoft Exchange Server 2010 Service Pack 1, when used with:
    • Microsoft Exchange Server 2010 Enterprise
    • Microsoft Exchange Server 2010 Standard
Keywords: 
kbqfe kbfix kbsurveynew kbexpertiseinter KB2549289
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support