Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 267
  • Last Modified:

Exchange rights to correct all users' wrongs

Ok I've asked a similar question but didn't get the answer that I was looking for. It occurs to me that maybe I need to ask what I really want to be able to do. Its only after reflection that I believe that I understand myself.  I want to be able to be selective about what I delete from users' email in the domain. After all some users use their email more effectively than others in an organization than others. So what does that mean? I want to be able to delete certain users emails from different folders based upon their posistion and "need to have" in the organization. whether it be "deleted" or "sent" or whatever. To do that I think I need the rights to open everyones exchange box and have truly administrative rights. Is there a way to do that? And how do I do that, Explicitly? I believe that it would mean some how using Outlook at my end to proxy into the exchange boxes, but how do I give myself the rights to enable that kind of thing with out going around to every users workstation and giving myself explicit "delegated" rights?
I need a step by step explanation because I've thought about it until my hair hurts. After all I want to be as discreet as possible and not have the end users get their feathers in a bunch over their paranoia and big brother watching.
Rob
0
fi8224
Asked:
fi8224
3 Solutions
 
Exchange_AdminCommented:
You don't say what version of Exchange you are running.
For Exchange 5.5, if you log in as the Exchange Service Account, then you will be able to open any mailbox you want.
The Exchange Service Account is GOD. :)

For Exchange 2000 check out the following MS KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;262054&Product=exch2k
From the above article:
If you are NOT the Administrator, or a member of the Domain Admins or Enterprise Admins groups, then you can add your account to the Exchange Services or Exchange Domain Servers groups, and you will be allowed full access to all mailboxes on servers in the domain.

Note The Exchange Services group may not exist if you have never deployed the Active Directory Connector in your organization.


For Exchange 2003 check out the following MS KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;821897&Product=exch2003

Hope this helps.
0
 
VahikCommented:
well rob u are the big brother in that organization and u will be doing
certain things thoug legal(make sure u get a signed letter from management
that they gave u this permission)wont like it when it is applied to u.
If u want to delete emails then u can use mailbox manager in ur recipient
policy.
If u want to have full access to mailboxes so u can do whatever u want to do
then u need full mailbox rights to the individual mailboxes or the whole
mailbox store.I will make it easy for u and tell u how to have access to whole mailbox store.
exchange system manager\mailbox store right click \properties\security
now give urself full control plus allow permissions for send as and
receive as(dont worry about deny just click allow next to it )
Now u will have full mailbox rights to all the mailboxes on that store..
if u really want noone to know once u have full mailbox rights
use owa to access their mailboxes.Good luck.
0
 
ErikKvKCommented:
If you are not running Exchange 2000/2003, I advise switching. These version support mailbox management service. This basically allows you to define how old Emails must become before they will be removed and such. This would take away your maual need to enter mailboxes.
0
 
fi8224Author Commented:
Oops, forgot to mention that I'm mostly using Exchange 2000 these days though I still have some 5.5 holdouts and newer 2003 clients.
How would I login using OWA to other user accounts. Usually you have to use a user name and password. If I'm say, Administrator, how would I login as Joe Schmoe?
Rob
0
 
ErikKvKCommented:
In OWA if you login, logout then you should be able to supply an Alias for the mailbox you want to open.


I think that this is not the approach for the problem. You would do much better in communicating to users how to handle Email and all the outlook features. Develop a Email policy for your organization. In the long run this will resolve the problems instead of keeping them under control and in hand. This approach does not contain any measure in curing the illness, just in handling the symptoms.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now