Exchange 2003

Posted on 2004-10-29
Medium Priority
Last Modified: 2010-08-05
I am the Exchange Administrator at my company. I am trying to find a way to view user e-mails within Exchange 2003. I have the necessary rights and have set up a group policy according to Microsoft's KB article. However, I still cannot view the e-mails. I can view the queues etc. but cannot access the e-mails.
Question by:mjgent

Expert Comment

ID: 12447485
What prevents you from just 'Opening these Additional Mailboxes' under your mailbox?  Too many?

Expert Comment

ID: 12448331
Are you using Outlook? I have found the same problem before. I created separate profiles for each mailbox I needed to open. Don't ask me why, but it worked after resetting the permissions, even though I couldn't add their Exchange mailbox to my profile.
LVL 104

Accepted Solution

Sembee earned 375 total points
ID: 12449595
By design you cannot open every mailbox by adjusting permissions in a central place. Microsoft have blocked access.
The only way you can give yourself access to the mailboxes is by enabling the "Full Mailbox Access" option on each individual account.
Once you have given yourself access then you can open them in the regular way, no additional profiles required.

However... you are on very dodgy legal grounds. Depending on your location, what you want to do could be illegal. Unless the employees have given you explicit permission, either by signing something when they joined or sending you an email, it could be a breach of their privacy.

There are very rarely reasons why an administrator needs full access to every mailbox.
I administrate a number of Exchange servers and I operate in the same way with all of them.

- I do not have permissions to every mailbox.
- If I need access then I ask the user.
- If the user asks me, then I tell them I need to access the mailbox and is that ok.
- If a director asks then I want it in writing. Email will be fine. It must be senior management asking.
- I then give myself rights to the mailbox.
- After I have done what I need to do I remove rights to the mailbox.
Plus I have auditing turned up very high so my moves are tracked. There is no way I can be accused of reading the user's email without permission.
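
Added example, not part of the answer above or of any Microsoft tooling: a small reviewer for the grant, use, remove cycle the answer describes, flagging grants with no recorded approval, mailbox access with no grant on record, and rights that were never removed. The log format, event names and account names are constructed for illustration and are not Exchange's own audit layout.

```python
from datetime import datetime

# Constructed audit trail (hypothetical format, not Exchange's own log layout):
# timestamp, event, admin, mailbox, detail
SAMPLE = """\
2004-11-01T09:00 APPROVAL admin1 jsmith director-email
2004-11-01T09:05 GRANT admin1 jsmith full-mailbox-access
2004-11-01T09:10 ACCESS admin1 jsmith logon
2004-11-01T09:40 REVOKE admin1 jsmith full-mailbox-access
2004-11-02T14:00 ACCESS admin1 jsmith logon
2004-11-03T10:00 GRANT admin2 mbrown full-mailbox-access
2004-11-03T10:02 ACCESS admin2 mbrown logon
"""

def review(log_text):
    """Return findings as (timestamp, admin, mailbox, problem) tuples."""
    approved, open_grants, findings = set(), {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, admin, mailbox, _detail = line.split(maxsplit=4)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M")  # rejects malformed timestamps
        key = (admin, mailbox)
        if event == "APPROVAL":
            approved.add(key)
        elif event == "GRANT":
            if key not in approved:
                findings.append((ts, admin, mailbox, "grant without written approval"))
            open_grants[key] = when
        elif event == "ACCESS":
            if key not in open_grants:
                findings.append((ts, admin, mailbox, "access with no grant on record"))
        elif event == "REVOKE":
            open_grants.pop(key, None)
            approved.discard(key)  # each approval covers a single grant
    # Anything still open at the end of the log was never cleaned up.
    for (admin, mailbox), when in sorted(open_grants.items()):
        stamp = when.strftime("%Y-%m-%dT%H:%M")
        findings.append((stamp, admin, mailbox, "rights never removed"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding, sep="  ")
```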


Expert Comment

ID: 12450506
Sembee, I am in total agreement with you on the legal implications of reading others' mail.  The last time I brought it up I almost got my face bitten off by the asker!  At my last position, security was quite lax, and I had the authority to read EVERYONE'S mail.  It was a very uncomfortable situation, and I was happy to move on to a new job.

Author Comment

ID: 12463741
While I agree with Sembee for the most part, there are other ways to access user mailboxes. As many of you know, we as Domain Administrators do not have default rights to do this; however, security groups and permissions can be configured giving us this ability. See MS KB 262054.

Now, my reason for this post was to find a way to restore the mailstore offline should my Exchange 2003 server go down. Microsoft advises that the only way to restore "all" mailboxes offline is to have certain Exchange rights not given to admins by default. I gave myself these rights and then was able to gain access should I need to. I personally do not view user e-mails and do not condone unauthorized access in any way.
LVL 104

Expert Comment

ID: 12473990
If you are following best practices on a backup and restore then you still don't need rights to every mailbox. If you did for backup and restore then Microsoft would have put the rights in by default.

In the event that all mailboxes need to be restored then I restore the information store. I do not and will not do mailbox level (aka brick level) backups. They are slow, inefficient and useless in a disaster recovery scenario.
I do not need rights to every mailbox for an information restore.


Expert Comment

ID: 13913865
All I had to do in this scenario (not for reading mail but for troubleshooting purposes at the time) was to give myself read as send as permissions access to the database then logged into individual mailboxes with Outlook 2003 (this way I show up in the logging and can defend myself from any questions).  The others are very correct: IT in our shop depends entirely upon trust; if we can't trust you, you're gone.  You should get written approval from the president or someone high up in the chain before proceeding.  The only reason this is set up for this server is that it is in South Africa and we are on almost opposite schedules, so much of my work for them is after they have left for the day.
