Exchange 2003

I am the Exchange Administrator at my company. I am trying to find a way to view user e-mails within Exchange 2003. I have the necessary rights and have set up a group policy according to Microsoft's KB article. However, I still cannot view the e-mails. I can view the queues etc. but cannot access the e-mails.

What prevents you from just 'Opening these Additional Mailboxes' under your mailbox?  Too many?
Are you using Outlook? I have found the same problem before. I created separate profiles for each mailbox I needed to open. Don't ask me why, but it worked after resetting the permissions, even though I couldn't add their Exchange mailbox to my profile.
By design you cannot open every mailbox by adjusting permissions in a central place. Microsoft have blocked access.
The only way you can give yourself access to the mailboxes is by enabling the "Full Mailbox Access" option on each individual account.
Once you have given yourself access then you can open them in the regular way, no additional profiles required.

However... you are on very dodgy legal grounds. Depending on your location, what you want to do could be illegal. Unless the employees have given you explicit permission, either by signing something when they joined or sending you an email, it could be a breach of their privacy.

There are very rarely reasons why an administrator needs full access to every mailbox.
I administrate a number of Exchange servers and I operate in the same way with all of them.

- I do not have permissions to every mailbox.
- If I need access then I ask the user.
- If the user asks me, then I tell them I need to access the mailbox and is that ok.
- If a director asks then I want it in writing. Email will be fine. It must be senior management asking.
- I then give myself rights to the mailbox.
- After I have done what I need to do I remove rights to the mailbox.
Plus I have auditing turned up very high so my moves are tracked. There is no way I can be accused of reading the user's email without permission.



Sembee, I am in total agreement with you on the legal implications of reading others' mail. The last time I brought it up I almost got my face bitten off by the asker! At my last position, security was quite lax, and I had the authority to read EVERYONE'S mail. It was a very uncomfortable situation, and I was happy to move on to a new job.
mjgent (Author) commented:
While I agree with Sembee for the most part, there are other ways to access user mailboxes. As many of you know, we as Domain Administrators do not have default rights to do this; however, security groups and permissions can be configured giving us this ability. See MS KB 262054.

Now, my reason for this post was to find a way to restore the mailstore offline should my Exchange 2003 server go down. Microsoft advises that the only way to restore "all" mailboxes offline is to have certain Exchange rights not given to admins by default. I gave myself these rights and then was able to gain access should I need to. I personally do not view user e-mails and do not condone unauthorized access in any way.
If you are following best practices on a backup and restore then you still don't need rights to every mailbox. If you did for backup and restore then Microsoft would have put the rights in by default.

In the event that all mailboxes need to be restored then I restore the information store. I do not and will not do mailbox level (aka brick level) backups. They are slow, inefficient and useless in a disaster recovery scenario.
I do not need rights to every mailbox for an information restore.

All I had to do in this scenario (not for reading mail but for troubleshooting purposes at the time) was to give myself read as send as permissions access to the database, then log into individual mailboxes with Outlook 2003 (this way I show up in the logging and can defend myself from any questions). The others are very correct: IT in our shop depends entirely upon trust; if we can't trust you, you're gone. You should get written approval from the president or someone high up in the chain before proceeding. The only reason this is set up for this server is that it is in South Africa and we are on almost opposite schedules, so much of my work for them is after they have left for the day.