Solved

Exchange 2003 Administrator Permission

Posted on 2006-11-20
6
830 Views
Last Modified: 2008-09-05
How does an exchange admin work in exchange in respect to the user's mailboxes if they are denyed access. for example me and my boss are exchange admins for our company and with 5.5 we were able to add anyone's mailbox to our outlook profile and work in it and modify permissions. now we are unable to. is there something we need to do?
0
Comment
Question by:pterranova13
  • 2
6 Comments
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 250 total points
ID: 17983064
Hi pterranova13,

Yeah, they changed how it works with 200x

You can resolve this like so -> http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

-red
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 250 total points
ID: 17983197
As far as I am concerned there is no reason for anyone to have full access to all mailboxes. I don't want the full access and don't have it on any site that I manage.
If I need to access the mailbox then I make the permission change, then do what is required and then remove the permission.

I also have auditing set high enough that tracks the change to the permissions, both addition and removal.

The reason for this is quite simple. When something goes missing, I don't want myself or anyone else in the IT team to be held responsible for those missing items. If they don't have permissions and there is an audit trail then they cannot be held responsible.

You may also have legal problems with having full access. If the user hasn't granted permission then you could be in legal hot water. Being told that you can by the owner, CEO or manager of the business is not enough, if the laws that cover your location or industry say otherwise.

Simon.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17983259
I agree with you Simon,

However, in sites where that has "always been the way" such as this one, if there wasn't a legal issue before (on 5.5), there shouldn't be one now.

I generally do not give the administrator account access to the mailboxes - but am frequently instructed to give the owner full control (who is also a domain administrator usually).

Remove the deny for Domain Administrators, then Add a deny for "the" administrator account

-red
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 17983961
DISCLAIMER from the Moderators: the links in this post require a paid registration to view.

The built-in administrator accounts as well as the built-in administrative groups inherit the Deny permission for both the "Send As" and "Receive As" permission. As a result Deny overrides the Allow permission which you can set manually through ESM.
A clean and functional approach is to create an account with the necessary permissions:

http://www.netometer.net/video/tutorials/xmperm/index.php

Dean
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question