Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Restrict Access for MS Exchange Inbox other folder

Posted on 2003-03-12
Medium Priority
Last Modified: 2010-03-18
hi friends,

I have W2k Server ( Standard Server ) with Exchange 2000 ( Enterprises )
All my users able to access there mail + other mails....

I want to avoide or restrict users to access other user mail folder....

how should i do it...

from MS Site... i found.... that ?

i have to deny other users from AD User & Comp, Advance Option.
Users Property,

I could't able to do it......

can any one able to guide me ...


prakash d.r.

Question by:prakashdr
1 Comment

Accepted Solution

SimonL-UK earned 200 total points
ID: 8137156
by default, no-one has access to other users mailboxes - you have to explicitly define this access.
This has been set using one of the following:

Method One
If you are NOT the Administrator, or a member of the Domain Admins or Enterprise Admins groups, then you can add your account to the Exchange Services or Exchange Domain Servers groups, and you will be allowed full access to all mailboxes on servers in the domain.

NOTE: The Exchange Services group may not exist if you have never deployed the Active Directory Connector in your organization.
Method Two
You can grant Windows administrators rights to all mailboxes in the entire organization by changing the permissions on the organization object at the top of the Exchange System Manager tree. If you do not wish to grant such blanket access, you can use "Method Three" to grant access only to individual databases.

The explicit denial of rights to administrators is set on the organization object, by denying Receive As and Send As rights. You can clear these denials for accounts you wish to have full access. Be aware that if the account belongs to an administrator group, that the account will still not be able to access mailboxes, because the denial to the group will take precedence over the grant of permission to the individual account.

To change security on the organization object, you must force display of the Security tab in Exchange System Administrator.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
259221 XADM: Security Tab Not Available on All Objects in System Manager

Method Three
To grant your administrative account access through Exchange System Manager to all mailboxes in a single database, regardless of inherited explicit denials:
Start Exchange System Manager, and then expand the Exchange system tree until you find the database object for which you want to have full mailbox access, for example, Mailbox Store (SERVER1).
Open the properties of this object, and then click the Security tab. If you do not see the Security tab, refer to the Knowledge Base Article described in "Method Two".
Grant your account full explicit permissions on the object, including Receive As and Send As permissions.
After you have made this change, you may still see gray Deny checkmarks on your account, along with black Allow checkmarks. This indicates that by inheritance you have been denied permission, but that you have inherited permissions at this level. In the Windows permissions model, explicitly granted permissions--whether Deny or Allow--override inherited permissions. Note that an explicit Allow at a lower level overrides an explicit Deny from a higher level only on the single object where the override is set, not on that object's child objects. This means that you cannot grant yourself permissions on a server to get access to each database; you must grant permissions on databases individually.

After you change permissions, you may need to log off and log back on. You should also stop and restart all Exchange services to flush the directory cache (or else wait 10 minutes for it to expire). If you have multiple domain controllers in the forest, it may also be necessary to wait for directory replication to complete.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
An article on effective troubleshooting
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question