Exchange rights to correct all users' wrongs

Posted on 2004-04-14
Last Modified: 2010-03-05
Ok I've asked a similar question but didn't get the answer that I was looking for. It occurs to me that maybe I need to ask what I really want to be able to do. Its only after reflection that I believe that I understand myself.  I want to be able to be selective about what I delete from users' email in the domain. After all some users use their email more effectively than others in an organization than others. So what does that mean? I want to be able to delete certain users emails from different folders based upon their posistion and "need to have" in the organization. whether it be "deleted" or "sent" or whatever. To do that I think I need the rights to open everyones exchange box and have truly administrative rights. Is there a way to do that? And how do I do that, Explicitly? I believe that it would mean some how using Outlook at my end to proxy into the exchange boxes, but how do I give myself the rights to enable that kind of thing with out going around to every users workstation and giving myself explicit "delegated" rights?
I need a step by step explanation because I've thought about it until my hair hurts. After all I want to be as discreet as possible and not have the end users get their feathers in a bunch over their paranoia and big brother watching.
Question by:fi8224
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 27

Accepted Solution

Exchange_Admin earned 84 total points
ID: 10829992
You don't say what version of Exchange you are running.
For Exchange 5.5, if you log in as the Exchange Service Account, then you will be able to open any mailbox you want.
The Exchange Service Account is GOD. :)

For Exchange 2000 check out the following MS KB article:;en-us;262054&Product=exch2k
From the above article:
If you are NOT the Administrator, or a member of the Domain Admins or Enterprise Admins groups, then you can add your account to the Exchange Services or Exchange Domain Servers groups, and you will be allowed full access to all mailboxes on servers in the domain.

Note The Exchange Services group may not exist if you have never deployed the Active Directory Connector in your organization.

For Exchange 2003 check out the following MS KB article:;en-us;821897&Product=exch2003

Hope this helps.
LVL 26

Assisted Solution

Vahik earned 83 total points
ID: 10830015
well rob u are the big brother in that organization and u will be doing
certain things thoug legal(make sure u get a signed letter from management
that they gave u this permission)wont like it when it is applied to u.
If u want to delete emails then u can use mailbox manager in ur recipient
If u want to have full access to mailboxes so u can do whatever u want to do
then u need full mailbox rights to the individual mailboxes or the whole
mailbox store.I will make it easy for u and tell u how to have access to whole mailbox store.
exchange system manager\mailbox store right click \properties\security
now give urself full control plus allow permissions for send as and
receive as(dont worry about deny just click allow next to it )
Now u will have full mailbox rights to all the mailboxes on that store..
if u really want noone to know once u have full mailbox rights
use owa to access their mailboxes.Good luck.

Expert Comment

ID: 10831495
If you are not running Exchange 2000/2003, I advise switching. These version support mailbox management service. This basically allows you to define how old Emails must become before they will be removed and such. This would take away your maual need to enter mailboxes.

Author Comment

ID: 10839618
Oops, forgot to mention that I'm mostly using Exchange 2000 these days though I still have some 5.5 holdouts and newer 2003 clients.
How would I login using OWA to other user accounts. Usually you have to use a user name and password. If I'm say, Administrator, how would I login as Joe Schmoe?

Assisted Solution

ErikKvK earned 83 total points
ID: 10840325
In OWA if you login, logout then you should be able to supply an Alias for the mailbox you want to open.

I think that this is not the approach for the problem. You would do much better in communicating to users how to handle Email and all the outlook features. Develop a Email policy for your organization. In the long run this will resolve the problems instead of keeping them under control and in hand. This approach does not contain any measure in curing the illness, just in handling the symptoms.

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question