Exchange rights to correct all users' wrongs

Posted on 2004-04-14
Last Modified: 2010-03-05
Ok I've asked a similar question but didn't get the answer that I was looking for. It occurs to me that maybe I need to ask what I really want to be able to do. Its only after reflection that I believe that I understand myself.  I want to be able to be selective about what I delete from users' email in the domain. After all some users use their email more effectively than others in an organization than others. So what does that mean? I want to be able to delete certain users emails from different folders based upon their posistion and "need to have" in the organization. whether it be "deleted" or "sent" or whatever. To do that I think I need the rights to open everyones exchange box and have truly administrative rights. Is there a way to do that? And how do I do that, Explicitly? I believe that it would mean some how using Outlook at my end to proxy into the exchange boxes, but how do I give myself the rights to enable that kind of thing with out going around to every users workstation and giving myself explicit "delegated" rights?
I need a step by step explanation because I've thought about it until my hair hurts. After all I want to be as discreet as possible and not have the end users get their feathers in a bunch over their paranoia and big brother watching.
Question by:fi8224
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 27

Accepted Solution

Exchange_Admin earned 84 total points
ID: 10829992
You don't say what version of Exchange you are running.
For Exchange 5.5, if you log in as the Exchange Service Account, then you will be able to open any mailbox you want.
The Exchange Service Account is GOD. :)

For Exchange 2000 check out the following MS KB article:;en-us;262054&Product=exch2k
From the above article:
If you are NOT the Administrator, or a member of the Domain Admins or Enterprise Admins groups, then you can add your account to the Exchange Services or Exchange Domain Servers groups, and you will be allowed full access to all mailboxes on servers in the domain.

Note The Exchange Services group may not exist if you have never deployed the Active Directory Connector in your organization.

For Exchange 2003 check out the following MS KB article:;en-us;821897&Product=exch2003

Hope this helps.
LVL 26

Assisted Solution

Vahik earned 83 total points
ID: 10830015
well rob u are the big brother in that organization and u will be doing
certain things thoug legal(make sure u get a signed letter from management
that they gave u this permission)wont like it when it is applied to u.
If u want to delete emails then u can use mailbox manager in ur recipient
If u want to have full access to mailboxes so u can do whatever u want to do
then u need full mailbox rights to the individual mailboxes or the whole
mailbox store.I will make it easy for u and tell u how to have access to whole mailbox store.
exchange system manager\mailbox store right click \properties\security
now give urself full control plus allow permissions for send as and
receive as(dont worry about deny just click allow next to it )
Now u will have full mailbox rights to all the mailboxes on that store..
if u really want noone to know once u have full mailbox rights
use owa to access their mailboxes.Good luck.

Expert Comment

ID: 10831495
If you are not running Exchange 2000/2003, I advise switching. These version support mailbox management service. This basically allows you to define how old Emails must become before they will be removed and such. This would take away your maual need to enter mailboxes.

Author Comment

ID: 10839618
Oops, forgot to mention that I'm mostly using Exchange 2000 these days though I still have some 5.5 holdouts and newer 2003 clients.
How would I login using OWA to other user accounts. Usually you have to use a user name and password. If I'm say, Administrator, how would I login as Joe Schmoe?

Assisted Solution

ErikKvK earned 83 total points
ID: 10840325
In OWA if you login, logout then you should be able to supply an Alias for the mailbox you want to open.

I think that this is not the approach for the problem. You would do much better in communicating to users how to handle Email and all the outlook features. Develop a Email policy for your organization. In the long run this will resolve the problems instead of keeping them under control and in hand. This approach does not contain any measure in curing the illness, just in handling the symptoms.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question