Restrict Access for MS Exchange Inbox other folder

Posted on 2003-03-12
Medium Priority
Last Modified: 2010-03-18
hi friends,

I have W2k Server ( Standard Server ) with Exchange 2000 ( Enterprises )
All my users able to access there mail + other mails....

I want to avoide or restrict users to access other user mail folder....

how should i do it...

from MS Site... i found.... that ?

i have to deny other users from AD User & Comp, Advance Option.
Users Property,

I could't able to do it......

can any one able to guide me ...


prakash d.r.

Question by:prakashdr
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

SimonL-UK earned 200 total points
ID: 8137156
by default, no-one has access to other users mailboxes - you have to explicitly define this access.
This has been set using one of the following:

Method One
If you are NOT the Administrator, or a member of the Domain Admins or Enterprise Admins groups, then you can add your account to the Exchange Services or Exchange Domain Servers groups, and you will be allowed full access to all mailboxes on servers in the domain.

NOTE: The Exchange Services group may not exist if you have never deployed the Active Directory Connector in your organization.
Method Two
You can grant Windows administrators rights to all mailboxes in the entire organization by changing the permissions on the organization object at the top of the Exchange System Manager tree. If you do not wish to grant such blanket access, you can use "Method Three" to grant access only to individual databases.

The explicit denial of rights to administrators is set on the organization object, by denying Receive As and Send As rights. You can clear these denials for accounts you wish to have full access. Be aware that if the account belongs to an administrator group, that the account will still not be able to access mailboxes, because the denial to the group will take precedence over the grant of permission to the individual account.

To change security on the organization object, you must force display of the Security tab in Exchange System Administrator.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
259221 XADM: Security Tab Not Available on All Objects in System Manager

Method Three
To grant your administrative account access through Exchange System Manager to all mailboxes in a single database, regardless of inherited explicit denials:
Start Exchange System Manager, and then expand the Exchange system tree until you find the database object for which you want to have full mailbox access, for example, Mailbox Store (SERVER1).
Open the properties of this object, and then click the Security tab. If you do not see the Security tab, refer to the Knowledge Base Article described in "Method Two".
Grant your account full explicit permissions on the object, including Receive As and Send As permissions.
After you have made this change, you may still see gray Deny checkmarks on your account, along with black Allow checkmarks. This indicates that by inheritance you have been denied permission, but that you have inherited permissions at this level. In the Windows permissions model, explicitly granted permissions--whether Deny or Allow--override inherited permissions. Note that an explicit Allow at a lower level overrides an explicit Deny from a higher level only on the single object where the override is set, not on that object's child objects. This means that you cannot grant yourself permissions on a server to get access to each database; you must grant permissions on databases individually.

After you change permissions, you may need to log off and log back on. You should also stop and restart all Exchange services to flush the directory cache (or else wait 10 minutes for it to expire). If you have multiple domain controllers in the forest, it may also be necessary to wait for directory replication to complete.

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question