Solved

Exchange 2003 Administrator Permission

Posted on 2006-11-20
6
804 Views
Last Modified: 2008-09-05
How does an exchange admin work in exchange in respect to the user's mailboxes if they are denyed access. for example me and my boss are exchange admins for our company and with 5.5 we were able to add anyone's mailbox to our outlook profile and work in it and modify permissions. now we are unable to. is there something we need to do?
0
Comment
Question by:pterranova13
  • 2
6 Comments
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 250 total points
ID: 17983064
Hi pterranova13,

Yeah, they changed how it works with 200x

You can resolve this like so -> http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

-red
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 250 total points
ID: 17983197
As far as I am concerned there is no reason for anyone to have full access to all mailboxes. I don't want the full access and don't have it on any site that I manage.
If I need to access the mailbox then I make the permission change, then do what is required and then remove the permission.

I also have auditing set high enough that tracks the change to the permissions, both addition and removal.

The reason for this is quite simple. When something goes missing, I don't want myself or anyone else in the IT team to be held responsible for those missing items. If they don't have permissions and there is an audit trail then they cannot be held responsible.

You may also have legal problems with having full access. If the user hasn't granted permission then you could be in legal hot water. Being told that you can by the owner, CEO or manager of the business is not enough, if the laws that cover your location or industry say otherwise.

Simon.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17983259
I agree with you Simon,

However, in sites where that has "always been the way" such as this one, if there wasn't a legal issue before (on 5.5), there shouldn't be one now.

I generally do not give the administrator account access to the mailboxes - but am frequently instructed to give the owner full control (who is also a domain administrator usually).

Remove the deny for Domain Administrators, then Add a deny for "the" administrator account

-red
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 17983961
DISCLAIMER from the Moderators: the links in this post require a paid registration to view.

The built-in administrator accounts as well as the built-in administrative groups inherit the Deny permission for both the "Send As" and "Receive As" permission. As a result Deny overrides the Allow permission which you can set manually through ESM.
A clean and functional approach is to create an account with the necessary permissions:

http://www.netometer.net/video/tutorials/xmperm/index.php

Dean
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve DNS query failed errors for Exchange
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now