What are the default permission for admins in Exchange 2003?

Posted on 2008-02-05
Medium Priority
Last Modified: 2010-04-18
I was reading a KB article (821897) on Microsoft's site saying that by default, Domain and even Enterprise Admins do not have access to all mailboxes nor do they need that access to perform most admin functions in Exchange.  Our permissions are currently set up in a way that allows Domain Admins to access all mailboxes and I would like to remove those permissions.  The problem is that I don't know what the permissions looked like before the change was made here.  I can see that at a mailstore level, Enterprise Admins, Domain Admins, Exchange Admins, Exchange Full Admins, and Exchange Read Only Admins have various permissions set.  Enterprise, Domain, and Exchange Full Admins are currently set to Full Control.  Exchange Admins are set to pretty much everything accept Full Control and Exchange View Only is set to Read, Execute, Read Permissions, List Contents, Read Properties, List Object, and View information store status.  I don't want to just rip the permissions out of there without making sure that I will not be breaking anything in Exchange.  I'm also not sure where all of the permissions would be that I need to modify for this change.
Question by:denverjaye
  • 2
LVL 15

Accepted Solution

Dave_AND earned 750 total points
ID: 20825941
Ok, the permissions are at stop level, so all you need to do is open up security in the mailbox store, then you will probably have the domain admins in the list. click that, and go all the way tot he bottom, and set the send as and recive as to Deny. This should fix any issues you have,

Good luck :)

Author Comment

ID: 20827786
Thank you for your reply.  I need to make sure that domain admins cannot even open another mailbox other than their own.  I think your solution above only really makes it so that domain admins wouldn't be able to send and receive mail.  Although I may be wrong there...
LVL 15

Expert Comment

ID: 20828300
aye, but this will stop the access too

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am posting this in case anyone runs into similar issues that I did, this may save you a lot of grief: Condition: 1. Your NetBIOS domain name contains an ampersand " & " character.  (e.g. AT&T) 2. You've tried to run any Microsoft installation…
In my humble opinion (IMHO), TouchDown from Symantec is the best in class for this type of application, but Symantec has end-of-lifed it and although one can keep using it, it will no longer be supported or upgraded.  Time to look for alternatives t…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month3 days, 17 hours left to enroll

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question