Administration menu
Authentication modes
Data loaders
About data loaders
Data loaders and Outlook message classes
Message processing
Add, edit or delete a data loader
Download tools
About download tools
Search Exporter
Federated Search Instances
Prerequisites
Installing and running the Search Exporter
Additional configuration options
Exporting data
Open exported search results
Outlook Components tool
Recovery Manager for Exchange
Offline Client
Prerequisites
Downloading the Offline Client
Enabling offline access to the archive
Adding administrative templates
Deploying the Archive Manager Offline Client
Deploy using group policy
Outlook Web App (OWA) reconstruction tool
URL Redirect
Prerequisites
Installation
Editing the RedirectConfig.xml file
Deploying the URL Redirect link
Logging in to the URL Redirect website
Changing the Archive Manager server
API and SDK
About Federated Search Instances
Adding Federated Search Instances
Editing Federated Search Instances
Performing searches on Federated Search Instances
Troubleshooting
Groups
Index management
Overview
Configuring the Full Text Index
Index Dashboard
Logins
Security roles
Storage location
Index Overview tab
Message Index tab
Attachment Index tab
Work-In-Progress Index tab
Deleted Index tab
Partition set, shard, and details page
Index Operation Log
Index Rollover Policy
Storage location and migration
Prerequisites
Storage Location tab
Storage Migration tab
View Storage Migration History
Message tags
Proxy credentials
Alert Service Policies
About Alert Service Policies
Default Global Settings
Adding an Alert Policy
Modifying an Alert Policy
Exclusion rules
Mail servers
Mailbox assignment
Mailboxes
Lync servers
Lync user assignment
Lync users
Reports
About reports
Mailbox Scan Status report
My Search Log report
Questionable Access report
Search Log report
Storage Statistics report
Viewed Messages report
Delegation Log report
Delegation Status report
Message policies
About message policies
Message policies and deleted items
Add, edit, or delete a message policy
Setting up archiving without journaling
Message policy assignments
About message policy assignments
Associate users with a message policy
Mailbox Search
Disassociate users from a message policy
Retention policies
Retention policy overview
Retention policy tabs
Policy Editor tab
Execution Log tab
Change Log tab
Legal Hold tab
Schedule tab
Settings tab
Tenants
System maintenance
Log Viewer
About the Log Viewer
Log Viewer menus and toolbar
How to ...
Configuring logs
EventLogAppender
TraceAppender
RollingFileAppender
ColoredConsoleAppender
Additional information
Exchange Utility
About the Exchange Utility
Install and run the Exchange Utility
Menu items
Get mailboxes
Create Outlook Archive Manager folder
Install Outlook Form
Update Archive Manager URL
Reconstruct stubbed messages
Update stubbed message checksums
Administering in a hosted Exchange environment
System requirements for running ESM in a hosted Exchange environment
Configuring ownership and access to user mailboxes on hosted Exchange
URL parameter
Agreement text
Auditing
Appendix A: Moving database or attachment store
Appendix B: Enabling generating publisher evidence
Add a security role
|
1 |
|
2 |
Enter a name for the security group in the Security Role field. |
|
3 |
Click Add to add the new security role to the system. |
Edit a security role
|
• |
|
2 |
Click Edit to the left of the security role name to display the Edit Security Role form for the selected role. |
Revise the security role information as described in the following steps.
|
2 |
Select the checkbox to the right of each security action you want to associate with this security role, and click Add Selection (at the bottom of the column). |
|
1 |
Locate the security action in the list of currently selected security actions displayed in the Edit Security Role form. |
|
2 |
Click Delete  to the right of the security action. The Delete Security Action confirmation message is displayed. |
|
3 |
Click OK to confirm the deletion. The selected security action is removed from the list of currently-loaded security actions associated with the security role and re-displayed in the list of security actions available to add. |
Delete a security role
|
• |
|
2 |
|
3 |
Click OK to confirm the deletion. The selected security role is deleted, and the Security Role Administration form is displayed. |
|
NOTE: Alternatively, you can delete a security role by opening the Edit Security Role form (as described in the section Edit Security Role), clicking Delete, and confirming the deletion. |
Security actions
|
• |
Add/Edit Custom Mailboxes: Removes the ability to see or access Custom Mailboxes, but the pane always remains in view. |
|
• |
Add Messages: Lets a user add new messages to Archive Manager by API. |
|
• |
Assign PST Migration Policy: A legacy action from a previous version of Archive Manager (for backward compatibility only). |
|
• |
Change Authentication Mode: Lets a user access the Administration section of Archive Manager and change whether users will sign in with Windows authentication or Forms authentication. It is recommended that this action be restricted to administrators only. Changing authentication modes requires some manual configuration of the Website through the IIS Manager. Please see the see the Authentication modes chapter. |
|
• |
Delegate Mailboxes: Allows users to delegate permissions to the mailboxes that they own. It is assigned to the Administrator security role by default. |
|
• |
Download Tools: Lets a user access the Administration section of Archive Manager and download any of the available tools. Many of these tools augment administrative functions of Archive Manager, and it is recommended that this action be restricted to administrators only. |
|
• |
Edit Alert Service Policies: Lets a user create, edit and delete alert service policies. |
|
• |
Edit Config Settings: Lets a user to create, edit and delete configuration settings. |
|
• |
Edit Data Loaders: Lets a user access the Administration section of Archive Manager with rights to add, edit, and delete the Data Loader configuration. It is recommended that this action be restricted to only administrators who understand the impacts of the Data Loader configuration. |
|
• |
Edit Exclusion Rules: Lets a user access the Administration section of Archive Manager, with rights to add, edit, and delete Exclusion Rules. Exclusion Rules are processed by the Data Loader and can be used to prevent certain types of content from entering the archive. |
|
• |
Edit Federated Search Instances: Lets a user access the Administration section or Archive Manager, with rights to add, edit, and delete the Federated Search Instance configuration. This configuration also lets Archive Manager search other instances. (This action does not let a user search other instances, which is controlled by the Search All Instances security action.) |
|
• |
Edit Groups: Lets a user access the Administration section of Archive Manager, with rights to review groups that have been populated by the Active Directory Connector. The user can also create, edit, and delete Groups for the DEFAULT domain, which is the Archive Manager Security domain. |
|
• |
Edit Legal Hold: Lets a user set and remove Legal Hold. To do this, the user must have the Archive Manager Retention Editor installed. The Legal Hold tab is used to put an immediate stop on the Retention engine while urgent policy change is evaluated. |
|
• |
Edit Logins: Lets a user access the Administration section of Archive manager, and review the Logins that have been populated by the Active Directory Connector. The user can also create, edit, and delete Logins for the DEFAULT domain, which is the Archive Manager Security Domain. In addition, the user can edit security roles, and access mailboxes for users populated by the Directory Connector. Users cannot change their own security roles, but if they have access to the Edit Security Roles action, they will be able to add or remove actions from their security roles. |
|
• |
Edit Lync Archiving: Lets a user access the Administration section of Archive Manager to edit, enable, or disable a Lync server, and edit and delete security roles. Users cannot delete security roles that are in use; a security role must be removed from all logins before it can be deleted. |
|
• |
Edit Mailboxes: Lets a user access the Administration section of the Archive Manager website, and review mailboxes that have been populated by the Active Directory Connector. The user can also create, edit and delete Custom Mailboxes, and can edit which logins can access mailboxes populated by the AD Connector. |
|
• |
Edit Message Policies: Lets a user access the Administration section of Archive Manager, and create, edit and delete message policies. Use caution in assigning this privilege, since editing existing message policies can change the operational parameters for the archive and may cause unwanted behavior such as the deletion of messages from the Exchange Mailbox Store. Users cannot delete message policies that are currently in use. |
|
• |
Edit Message Tags: Lets a user access the Administration section of Archive Manager, and create, edit and delete message tags. Users cannot delete tags that are in use. |
|
• |
Edit Proxy Credentials: Lets a user manage the proxy credentials for Office 365 or hosted Exchange mailboxes. |
|
• |
Edit PST Migration Policies: A legacy action from a previous version of Archive Manager (for backward compatibility only). |
|
• |
Edit Retention Policies: Lets a user create, edit and delete retention policies. |
|
• |
Edit Security Roles: Lets a user access the Administration section of Archive Manager, and create, edit and delete security roles. Users cannot delete security roles that are in use; a security role must be removed from all logins before it can be deleted. Use caution in assigning this privilege, since it controls your permissions within Archive Manager. |
|
• |
Export Email: Makes the Export button accessible on the right-hand side of the search interface. Since this export feature applies only to search results, the button is available only when a search has been completed. The Search Exporter must be installed on the workstation for this button to export the result. |
|
• |
Impersonate: This security action is used for performing a Federated Search. It assigns credentials for a user on the remote instance you wish to search. When configuring Federated Instances, the Impersonate security action must be applied to the Security Role containing the configured federated user. |
|
• |
Person Search: Allows access to the Person Search dialog box from the To/From Search tab and the Send Message window in the Website. |
|
• |
Reply and Forward: Makes the Reply, Forward, and Send To Me buttons available when viewing a message. These buttons appear only when enabled if the user has an SMTP email address listed in the login record. |
|
• |
Search All Emails: Makes the Search All Emails check box available in the Search section of the Archive Manager User Website. Since this privilege lets a user search all email in the Archive Manager store, it should be extended only to end users who need this level of control. By default, this action is assigned to the Administrator security role, but you should consider removing it from that role once the system is in production. |
|
• |
Search All Instances: Makes the Search All Instances check box available in the Search section of the Archive Manager User Website, which lets a user search all email in the Archive Manager store on federated instances. The federated instances are controlled by the administrator from the Administration Website. There is no option to restrict the user to a specific instance; this action allows a user to search all configured instances. |
|
• |
Set Message Tags: Lets a user see the Tags tab when viewing a message, and set any of the available tags on the message. It does not let the user create tags. Creating tags is handled by the Edit Message Tags action described above. |
|
• |
Storage Location: Lets a user to create, edit and delete storage location. |
|
• |
View Additional Documentation: Lets a user access the Documentation section of the Administration Website. |
|
• |
View BCC: Lets a user see the BCC information for a message when it is viewed through the Archive Manager Website. |
|
• |
View Config Settings: Lets a user view all configuration settings. |
|
• |
View Delegation: Produces a report that lets a user view the history of the hosted mailbox delegation. |
|
• |
View Message Access History: Displays an Access tab when viewing a message in the Archive Manager Website. The Access tab lists all users that have opened and viewed the message from the Archive Manager Website. This action is not assigned to users by default. |
|
• |
View Message Comments: Displays a Comments tab when viewing a message, which lets a user view and add comments to the message. Comments can be marked public or private. Public comments are visible to all users who have the View Message Comments action; private comments are visible only to the user who created them. |
|
• |
View Message Headers: Displays a Header tab when viewing a message, which lets a user see the MIME header of the message. |
|
• |
View Message Journal Report: When using Journaling, displays extended information such as Distribution List expansion and BCC recipient in addition to the Journal Report. |
|
• |
View Message Tags: Displays the Tags tab when viewing a message, which lets the user view tags that have been applied to the message. If users need to add or delete tags, they must also have the Set Message Tags security action. |
|
• |
View Report - Event Log: This report is no longer available. Use the Windows Event Viewer application to view the Archive Manager Event Log. |
|
• |
View Report - Mailbox Scan Status: Produces a report that lets a user view the latest status of the mailbox scanning. |
|
• |
View Report - My Search Log: Produces a report that lets a user view a history of his/her searches within Archive Manager. This action is disabled by default. It is specifically excluded from the Administrator Security Role since that security role has access to the View Report - Search Log security action, which provides the same level of access. |
|
• |
View Report - Search Log: Produces a report that lets a user view a history of either a specific user over a given time period, or all users over a given time period. |
|
• |
View Report - Security Breach: This report is no longer available. Assign access the Unauthorized Access report instead. |
|
• |
View Report - Viewed Messages: This report shows all messages opened by the user. |