?
Solved

Exchange 2003 Administrator Permission

Posted on 2006-11-20
6
Medium Priority
?
845 Views
Last Modified: 2008-09-05
How does an exchange admin work in exchange in respect to the user's mailboxes if they are denyed access. for example me and my boss are exchange admins for our company and with 5.5 we were able to add anyone's mailbox to our outlook profile and work in it and modify permissions. now we are unable to. is there something we need to do?
0
Comment
Question by:pterranova13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 1000 total points
ID: 17983064
Hi pterranova13,

Yeah, they changed how it works with 200x

You can resolve this like so -> http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

-red
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 1000 total points
ID: 17983197
As far as I am concerned there is no reason for anyone to have full access to all mailboxes. I don't want the full access and don't have it on any site that I manage.
If I need to access the mailbox then I make the permission change, then do what is required and then remove the permission.

I also have auditing set high enough that tracks the change to the permissions, both addition and removal.

The reason for this is quite simple. When something goes missing, I don't want myself or anyone else in the IT team to be held responsible for those missing items. If they don't have permissions and there is an audit trail then they cannot be held responsible.

You may also have legal problems with having full access. If the user hasn't granted permission then you could be in legal hot water. Being told that you can by the owner, CEO or manager of the business is not enough, if the laws that cover your location or industry say otherwise.

Simon.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17983259
I agree with you Simon,

However, in sites where that has "always been the way" such as this one, if there wasn't a legal issue before (on 5.5), there shouldn't be one now.

I generally do not give the administrator account access to the mailboxes - but am frequently instructed to give the owner full control (who is also a domain administrator usually).

Remove the deny for Domain Administrators, then Add a deny for "the" administrator account

-red
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 17983961
DISCLAIMER from the Moderators: the links in this post require a paid registration to view.

The built-in administrator accounts as well as the built-in administrative groups inherit the Deny permission for both the "Send As" and "Receive As" permission. As a result Deny overrides the Allow permission which you can set manually through ESM.
A clean and functional approach is to create an account with the necessary permissions:

http://www.netometer.net/video/tutorials/xmperm/index.php

Dean
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
New style of hardware planning for Microsoft Exchange server.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question