Improve company productivity with a Business Account.Sign Up

x
?
Solved

Domain Administrators open other Exchange Mailboxes

Posted on 2006-07-19
8
Medium Priority
?
327 Views
Last Modified: 2010-03-06
I'm running Microsoft Exchange Server 2003; Currently, I have several user accounts which are part of the 'Domain Administrators' group, and many more accounts which are 'Domain Users'.

Domain Admins are able to open MS Outlook 2003 on their desktop, and go to FILE -> OPEN -> OTHER USER'S FOLDER and then open any other user's mailbox and view all of their mail.

Domain Users are not able to open any other mailbox besides their own.

I believe it is possible to also limit Domain Admins in the same way, but how?

I've spent many hours already looking for the exact fix, but I have not found a solution yet which matches my situation.

Thanx in advance for your help!
0
Comment
Question by:mlcurry
6 Comments
 
LVL 5

Accepted Solution

by:
DhammikaWee earned 2000 total points
ID: 17143814
Hi,

       In Exchange 2003 by default the full mail box permissions are not given to enterprise admins or domain admins, but in your case it seems they are given the access. You can remove those access rights to domain admin group from Exchange Manager.

Open Exchange manager > Administrative group > "First Administrative Group" ( or name of the administrative group) > "server" > "first storage group" (or storage group name) > Mail box store

right click on the Mailbox Store and goto properties
in Security tab
u can allow or deny access to the all mail boxes within that store.

So what u can do is create a different security group for deny full control for mail boxes and add all the admins to that group
then add that group to the security tab of the Mailbox store and deny full controll to the store that will solve the problem.

be carefull do not let those ppl to log in to the mail server then they can change the permissions as they are Administrators.

0
 
LVL 8

Expert Comment

by:bilbus
ID: 17143900
on exchange 2003 domain admins by default are not permited to open other ppl's mailboxes. In exchange 5.5 they could.

sounds like somone set that up

http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

read that and undo it
0
 
LVL 5

Expert Comment

by:DhammikaWee
ID: 17144058
yeah I read that too just to confirm about what default rights are.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:mlcurry
ID: 17169585
thanx for the quick responses; i haven't had a chance to look into the suggestions yet, but i will as soon as i have a chance. I've not abandoned this question!
0
 
LVL 8

Expert Comment

by:bilbus
ID: 17351104
How come i did not get a points split?
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17352752
Hi bilbus,

You didnt provide any more useful information than DhammikaWee - they had a complete set of instructions posted to achieve the desired result.

Yes the link was accurate, and also provided a solution, but DhammikaWee got in first, with a perfectly correct answer.


In future, it is far better to object to a recommendation BEFORE the moderators have closed the question.

-red
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you working to mount the dismounted Exchange 2013 database? Then the best course of action is to analyze the causes of Database issue, their probable solutions and decide for the appropriate course of action.
Microsoft has decided to launch the Exchange Server 2019 this year for its on-premise users. What’s new now Microsoft is going to serve its users? How good is it going to be on the current Exchange Server 2016? This blog is going to answer all queri…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question