[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Domain Administrators open other Exchange Mailboxes

Posted on 2006-07-19
8
Medium Priority
?
322 Views
Last Modified: 2010-03-06
I'm running Microsoft Exchange Server 2003; Currently, I have several user accounts which are part of the 'Domain Administrators' group, and many more accounts which are 'Domain Users'.

Domain Admins are able to open MS Outlook 2003 on their desktop, and go to FILE -> OPEN -> OTHER USER'S FOLDER and then open any other user's mailbox and view all of their mail.

Domain Users are not able to open any other mailbox besides their own.

I believe it is possible to also limit Domain Admins in the same way, but how?

I've spent many hours already looking for the exact fix, but I have not found a solution yet which matches my situation.

Thanx in advance for your help!
0
Comment
Question by:mlcurry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 5

Accepted Solution

by:
DhammikaWee earned 2000 total points
ID: 17143814
Hi,

       In Exchange 2003 by default the full mail box permissions are not given to enterprise admins or domain admins, but in your case it seems they are given the access. You can remove those access rights to domain admin group from Exchange Manager.

Open Exchange manager > Administrative group > "First Administrative Group" ( or name of the administrative group) > "server" > "first storage group" (or storage group name) > Mail box store

right click on the Mailbox Store and goto properties
in Security tab
u can allow or deny access to the all mail boxes within that store.

So what u can do is create a different security group for deny full control for mail boxes and add all the admins to that group
then add that group to the security tab of the Mailbox store and deny full controll to the store that will solve the problem.

be carefull do not let those ppl to log in to the mail server then they can change the permissions as they are Administrators.

0
 
LVL 8

Expert Comment

by:bilbus
ID: 17143900
on exchange 2003 domain admins by default are not permited to open other ppl's mailboxes. In exchange 5.5 they could.

sounds like somone set that up

http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

read that and undo it
0
 
LVL 5

Expert Comment

by:DhammikaWee
ID: 17144058
yeah I read that too just to confirm about what default rights are.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:mlcurry
ID: 17169585
thanx for the quick responses; i haven't had a chance to look into the suggestions yet, but i will as soon as i have a chance. I've not abandoned this question!
0
 
LVL 8

Expert Comment

by:bilbus
ID: 17351104
How come i did not get a points split?
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17352752
Hi bilbus,

You didnt provide any more useful information than DhammikaWee - they had a complete set of instructions posted to achieve the desired result.

Yes the link was accurate, and also provided a solution, but DhammikaWee got in first, with a perfectly correct answer.


In future, it is far better to object to a recommendation BEFORE the moderators have closed the question.

-red
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
New style of hardware planning for Microsoft Exchange server.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question