What are the default permission for admins in Exchange 2003?
Posted on 2008-02-05
I was reading a KB article (821897) on Microsoft's site saying that by default, Domain and even Enterprise Admins do not have access to all mailboxes nor do they need that access to perform most admin functions in Exchange. Our permissions are currently set up in a way that allows Domain Admins to access all mailboxes and I would like to remove those permissions. The problem is that I don't know what the permissions looked like before the change was made here. I can see that at a mailstore level, Enterprise Admins, Domain Admins, Exchange Admins, Exchange Full Admins, and Exchange Read Only Admins have various permissions set. Enterprise, Domain, and Exchange Full Admins are currently set to Full Control. Exchange Admins are set to pretty much everything accept Full Control and Exchange View Only is set to Read, Execute, Read Permissions, List Contents, Read Properties, List Object, and View information store status. I don't want to just rip the permissions out of there without making sure that I will not be breaking anything in Exchange. I'm also not sure where all of the permissions would be that I need to modify for this change.