Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2003

Posted on 2004-10-29
7
Medium Priority
?
274 Views
Last Modified: 2010-08-05
I am the Exchange Administrator at my company. I am trying to find a way to view user e-mails within Exchange 2003. I have the necessay rights and have setup a group policy according to Microsofts KB article. However, I can still not view the e-mails. I can view the queues etc. but cannot access the e-mails.
0
Comment
Question by:mjgent
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 6

Expert Comment

by:nihlcat
ID: 12447485
What prevents you from just 'Opening these Additional Mailboxes' under your mailbox?  Too many?
0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12448331
Are you using Outlook? I have found the same problem before. I created separate profiles for each mailbox I needed to open. Don't ask me why, but it worked after resetting the permissions, even though I couldn't add their Exchange mailbox to my profile
0
 
LVL 104

Accepted Solution

by:
Sembee earned 375 total points
ID: 12449595
By design you cannot open every mailbox by adjusting permissions in a central place. Microsoft have blocked access.
The only way you can give yourself access to the mailboxes is by enabling the "Full Mailbox Access" option on each individual account.
Once you have given yourself access then you can open them in the regular way, no additional profiles required.

However... you are on very dodgy legal grounds. Depending on your location what you want to do could be illegal. Unless the employees have given you explict permission, either by signing something when they joined or sending you an email it could be a breach of their privacy.

There are very rarely reasons why an adminstrator needs full access to every mailbox.
 
I administrate a number of Exchange servers and I opperate in the same way with all of them.

- I do not have permissions to every mailbox.
- If I need access then I ask the user.
- If the user asks me, then I tell them I need to access the mailbox and is that ok.
- If a director asks then I want it in writing. Email will be fine. It must be senior management asking.
- I then give myself rights to the mailbox.
- After I have done what I need to do I remove rights to the mailbox.
Plus I have auditing turned up very high so my moves are tracked. There is no way I can be accused of reading the user's email without permission.

Simon.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 6

Expert Comment

by:nihlcat
ID: 12450506
Sembee, I am in total agreement with you on the legal implications of reading other's mail.  The last time I brought it up I almost got my face bitten off by the asker!  At my last position, security was quite lax, and I had the authority to read our EVERYONE'S mail.  It was a very uncomfortable situation, and I was happy to move on to a new job.
0
 

Author Comment

by:mjgent
ID: 12463741
While I agree with Sembee for the most part there are other ways to access user mailboxes. As many of you know we as Domain Administrators do not have default rights to do this however security groups and permissions can be configured giving us this ability. See MS KB 262054.

Now, my reason for this post was to find a way to restore the mailstore offline should my exchange 2003 server go down. Microsoft advises that the only way to restore "all" mailboxes offline is to have certain exchange rights not given to admins by default. I gave myself these rights and then was able to gain access should I need to. I personally do not view user e-mails and do not condone unauthorized access in anyway.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12473990
If you are following best practises on a backup and restore then you still don't need rights to every mailbox. If you did for backup and restore then Microsoft would have put the rights in by default.

In the event that all mailboxes need to be restored then I am restore the information store. I do not and will not do mailbox level (aka brick level) backups. They are slow, inefficient and useless in a diaster recovery scenario.
I do not need rights to every mailbox for an information restore.

Simon.
0
 
LVL 1

Expert Comment

by:molbrych
ID: 13913865
All I had to do in this scenario (not for reading mail but for troubleshooting purposes at the time) was to give myself read as send as permissions access to the database then logged into individual mailboxes with Outlook 2003 (this way i show up in the logging and can defend myself from any questions).  The others are very correct IT in our shop delpends entirely upon trust if we can't trust you your gone.  You should get written approval from the president or someone high up in the cahin before proceeding.  The only reason this is set up for this server is that it is in South Africa and we are on almost oppposite schedules so much of my work for them is after they have left for the day.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Learn about cloud computing and its benefits for small business owners.
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question