Solved

Exchange rights to correct all users' wrongs

Posted on 2004-04-14
7
256 Views
Last Modified: 2010-03-05
Ok I've asked a similar question but didn't get the answer that I was looking for. It occurs to me that maybe I need to ask what I really want to be able to do. Its only after reflection that I believe that I understand myself.  I want to be able to be selective about what I delete from users' email in the domain. After all some users use their email more effectively than others in an organization than others. So what does that mean? I want to be able to delete certain users emails from different folders based upon their posistion and "need to have" in the organization. whether it be "deleted" or "sent" or whatever. To do that I think I need the rights to open everyones exchange box and have truly administrative rights. Is there a way to do that? And how do I do that, Explicitly? I believe that it would mean some how using Outlook at my end to proxy into the exchange boxes, but how do I give myself the rights to enable that kind of thing with out going around to every users workstation and giving myself explicit "delegated" rights?
I need a step by step explanation because I've thought about it until my hair hurts. After all I want to be as discreet as possible and not have the end users get their feathers in a bunch over their paranoia and big brother watching.
Rob
0
Comment
Question by:fi8224
7 Comments
 
LVL 27

Accepted Solution

by:
Exchange_Admin earned 84 total points
ID: 10829992
You don't say what version of Exchange you are running.
For Exchange 5.5, if you log in as the Exchange Service Account, then you will be able to open any mailbox you want.
The Exchange Service Account is GOD. :)

For Exchange 2000 check out the following MS KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;262054&Product=exch2k
From the above article:
If you are NOT the Administrator, or a member of the Domain Admins or Enterprise Admins groups, then you can add your account to the Exchange Services or Exchange Domain Servers groups, and you will be allowed full access to all mailboxes on servers in the domain.

Note The Exchange Services group may not exist if you have never deployed the Active Directory Connector in your organization.


For Exchange 2003 check out the following MS KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;821897&Product=exch2003

Hope this helps.
0
 
LVL 26

Assisted Solution

by:Vahik
Vahik earned 83 total points
ID: 10830015
well rob u are the big brother in that organization and u will be doing
certain things thoug legal(make sure u get a signed letter from management
that they gave u this permission)wont like it when it is applied to u.
If u want to delete emails then u can use mailbox manager in ur recipient
policy.
If u want to have full access to mailboxes so u can do whatever u want to do
then u need full mailbox rights to the individual mailboxes or the whole
mailbox store.I will make it easy for u and tell u how to have access to whole mailbox store.
exchange system manager\mailbox store right click \properties\security
now give urself full control plus allow permissions for send as and
receive as(dont worry about deny just click allow next to it )
Now u will have full mailbox rights to all the mailboxes on that store..
if u really want noone to know once u have full mailbox rights
use owa to access their mailboxes.Good luck.
0
 
LVL 8

Expert Comment

by:ErikKvK
ID: 10831495
If you are not running Exchange 2000/2003, I advise switching. These version support mailbox management service. This basically allows you to define how old Emails must become before they will be removed and such. This would take away your maual need to enter mailboxes.
0
 
LVL 1

Author Comment

by:fi8224
ID: 10839618
Oops, forgot to mention that I'm mostly using Exchange 2000 these days though I still have some 5.5 holdouts and newer 2003 clients.
How would I login using OWA to other user accounts. Usually you have to use a user name and password. If I'm say, Administrator, how would I login as Joe Schmoe?
Rob
0
 
LVL 8

Assisted Solution

by:ErikKvK
ErikKvK earned 83 total points
ID: 10840325
In OWA if you login, logout then you should be able to supply an Alias for the mailbox you want to open.


I think that this is not the approach for the problem. You would do much better in communicating to users how to handle Email and all the outlook features. Develop a Email policy for your organization. In the long run this will resolve the problems instead of keeping them under control and in hand. This approach does not contain any measure in curing the illness, just in handling the symptoms.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now