You are currently offline, waiting for your internet to reconnect

A RBAC role assignee can unexpectedly run the Add-MailboxPermission command or the Remove-MailboxPermission command on an Exchange Server 2010 server that is outside the role assignment scope

SYMPTOMS
Consider the following scenario:
  • You create a management role assignment in a Microsoft Exchange Server 2010 environment.
  • You assign the Mail Recipients role to a role assignee.
  • You define the scope of the role assignment to an organizational unit.
  • The role assignee tries to run the Add-MailboxPermission command or the Remove-MailboxPermission command on an Exchange Server 2010 server that is outside the role assignment scope.
In this scenario, the role assignee can unexpectedly run the Add-MailboxPermission command or the Remove-MailboxPermission command on the server.
CAUSE
This issue occurs because there is no Role Based Access Control (RBAC) verification when Exchange Server 2010 runs the Add-MailboxPermission command or the Remove-MailboxPermission command.
RESOLUTION
To resolve this issue, install the following update rollup:
2608646 Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
For more information about the Add-MailboxPermission command, visit the following Microsoft website:For more information about the Remove-MailboxPermission command, visit the following Microsoft website:For more information about the New-ManagementRoleAssignment command, visit the following Microsoft website: For more information about management role assignments, visit the following Microsoft website:
Properties

Article ID: 2549289 - Last Review: 10/28/2011 00:55:00 - Revision: 1.0

Microsoft Exchange Server 2010 Service Pack 1

  • kbqfe kbfix kbsurveynew kbexpertiseinter KB2549289
Feedback
e;" onerror="var m=document.createElement('meta');m.name='ms.dqp0';m.content='true';document.getElementsByTagName('head')[0].appendChild(m);" onload="var m=document.createElement('meta');m.name='ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src="http://c1.microsoft.com/c.gif?"> uage);" class="ng-binding" id="language-es-py">Paraguay - Español
Venezuela - Español
/html>microsoft.com/c.gif?DI=4050&did=1&t="> var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" ')[0].appendChild(m);" onload="var m=document.createElement('meta');m.name='ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src="http://c1.microsoft.com/c.gif?"> 50&did=1&t=">