mjgent
asked on
Exchange 2003
I am the Exchange Administrator at my company. I am trying to find a way to view user e-mails within Exchange 2003. I have the necessay rights and have setup a group policy according to Microsofts KB article. However, I can still not view the e-mails. I can view the queues etc. but cannot access the e-mails.
What prevents you from just 'Opening these Additional Mailboxes' under your mailbox? Too many?
Are you using Outlook? I have found the same problem before. I created separate profiles for each mailbox I needed to open. Don't ask me why, but it worked after resetting the permissions, even though I couldn't add their Exchange mailbox to my profile
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sembee, I am in total agreement with you on the legal implications of reading other's mail. The last time I brought it up I almost got my face bitten off by the asker! At my last position, security was quite lax, and I had the authority to read our EVERYONE'S mail. It was a very uncomfortable situation, and I was happy to move on to a new job.
ASKER
While I agree with Sembee for the most part there are other ways to access user mailboxes. As many of you know we as Domain Administrators do not have default rights to do this however security groups and permissions can be configured giving us this ability. See MS KB 262054.
Now, my reason for this post was to find a way to restore the mailstore offline should my exchange 2003 server go down. Microsoft advises that the only way to restore "all" mailboxes offline is to have certain exchange rights not given to admins by default. I gave myself these rights and then was able to gain access should I need to. I personally do not view user e-mails and do not condone unauthorized access in anyway.
Now, my reason for this post was to find a way to restore the mailstore offline should my exchange 2003 server go down. Microsoft advises that the only way to restore "all" mailboxes offline is to have certain exchange rights not given to admins by default. I gave myself these rights and then was able to gain access should I need to. I personally do not view user e-mails and do not condone unauthorized access in anyway.
If you are following best practises on a backup and restore then you still don't need rights to every mailbox. If you did for backup and restore then Microsoft would have put the rights in by default.
In the event that all mailboxes need to be restored then I am restore the information store. I do not and will not do mailbox level (aka brick level) backups. They are slow, inefficient and useless in a diaster recovery scenario.
I do not need rights to every mailbox for an information restore.
Simon.
In the event that all mailboxes need to be restored then I am restore the information store. I do not and will not do mailbox level (aka brick level) backups. They are slow, inefficient and useless in a diaster recovery scenario.
I do not need rights to every mailbox for an information restore.
Simon.
All I had to do in this scenario (not for reading mail but for troubleshooting purposes at the time) was to give myself read as send as permissions access to the database then logged into individual mailboxes with Outlook 2003 (this way i show up in the logging and can defend myself from any questions). The others are very correct IT in our shop delpends entirely upon trust if we can't trust you your gone. You should get written approval from the president or someone high up in the cahin before proceeding. The only reason this is set up for this server is that it is in South Africa and we are on almost oppposite schedules so much of my work for them is after they have left for the day.