Solved

Exchange 2003 Administrator Permission

Posted on 2006-11-20
6
841 Views
Last Modified: 2008-09-05
How does an exchange admin work in exchange in respect to the user's mailboxes if they are denyed access. for example me and my boss are exchange admins for our company and with 5.5 we were able to add anyone's mailbox to our outlook profile and work in it and modify permissions. now we are unable to. is there something we need to do?
0
Comment
Question by:pterranova13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 250 total points
ID: 17983064
Hi pterranova13,

Yeah, they changed how it works with 200x

You can resolve this like so -> http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

-red
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 250 total points
ID: 17983197
As far as I am concerned there is no reason for anyone to have full access to all mailboxes. I don't want the full access and don't have it on any site that I manage.
If I need to access the mailbox then I make the permission change, then do what is required and then remove the permission.

I also have auditing set high enough that tracks the change to the permissions, both addition and removal.

The reason for this is quite simple. When something goes missing, I don't want myself or anyone else in the IT team to be held responsible for those missing items. If they don't have permissions and there is an audit trail then they cannot be held responsible.

You may also have legal problems with having full access. If the user hasn't granted permission then you could be in legal hot water. Being told that you can by the owner, CEO or manager of the business is not enough, if the laws that cover your location or industry say otherwise.

Simon.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17983259
I agree with you Simon,

However, in sites where that has "always been the way" such as this one, if there wasn't a legal issue before (on 5.5), there shouldn't be one now.

I generally do not give the administrator account access to the mailboxes - but am frequently instructed to give the owner full control (who is also a domain administrator usually).

Remove the deny for Domain Administrators, then Add a deny for "the" administrator account

-red
0
 
LVL 11

Expert Comment

by:NetoMeter Screencasts
ID: 17983961
DISCLAIMER from the Moderators: the links in this post require a paid registration to view.

The built-in administrator accounts as well as the built-in administrative groups inherit the Deny permission for both the "Send As" and "Receive As" permission. As a result Deny overrides the Allow permission which you can set manually through ESM.
A clean and functional approach is to create an account with the necessary permissions:

http://www.netometer.net/video/tutorials/xmperm/index.php

Dean
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question