In ArchiveOne, the ArchiveOne Service maintains mailbox and NT user permissions. It sets up the following default permissions:
- Members of the ArchiveOne Users group (by default called ArchiveOneUsers) must be able to run ArchiveOne Admin in read/write mode, in order to change configuration settings, run policies that search for messages, etc. By default these users cannot configure policies that archive, copy, move or delete messages, and are unable to edit permissions or delete the AOnePolicy*PermsRefDir directories in the AOnePol directory.
- Members of the Administrators group must be in the ArchiveOne Users group to run ArchiveOne Admin. However, Administrators are the only group of users with permission to change permissions on the AOnePolicy*PermsRefDir directories in the AOnePol directory.