• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 853
  • Last Modified:

Exchange 2003 Administrator Permission

How does an exchange admin work in exchange in respect to the user's mailboxes if they are denyed access. for example me and my boss are exchange admins for our company and with 5.5 we were able to add anyone's mailbox to our outlook profile and work in it and modify permissions. now we are unable to. is there something we need to do?
0
pterranova13
Asked:
pterranova13
  • 2
2 Solutions
 
redseatechnologiesCommented:
Hi pterranova13,

Yeah, they changed how it works with 200x

You can resolve this like so -> http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

-red
0
 
SembeeCommented:
As far as I am concerned there is no reason for anyone to have full access to all mailboxes. I don't want the full access and don't have it on any site that I manage.
If I need to access the mailbox then I make the permission change, then do what is required and then remove the permission.

I also have auditing set high enough that tracks the change to the permissions, both addition and removal.

The reason for this is quite simple. When something goes missing, I don't want myself or anyone else in the IT team to be held responsible for those missing items. If they don't have permissions and there is an audit trail then they cannot be held responsible.

You may also have legal problems with having full access. If the user hasn't granted permission then you could be in legal hot water. Being told that you can by the owner, CEO or manager of the business is not enough, if the laws that cover your location or industry say otherwise.

Simon.
0
 
redseatechnologiesCommented:
I agree with you Simon,

However, in sites where that has "always been the way" such as this one, if there wasn't a legal issue before (on 5.5), there shouldn't be one now.

I generally do not give the administrator account access to the mailboxes - but am frequently instructed to give the owner full control (who is also a domain administrator usually).

Remove the deny for Domain Administrators, then Add a deny for "the" administrator account

-red
0
 
NetoMeter ScreencastsCommented:
DISCLAIMER from the Moderators: the links in this post require a paid registration to view.

The built-in administrator accounts as well as the built-in administrative groups inherit the Deny permission for both the "Send As" and "Receive As" permission. As a result Deny overrides the Allow permission which you can set manually through ESM.
A clean and functional approach is to create an account with the necessary permissions:

http://www.netometer.net/video/tutorials/xmperm/index.php

Dean
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now