What are the default permission for admins in Exchange 2003?

I was reading a KB article (821897) on Microsoft's site saying that by default, Domain and even Enterprise Admins do not have access to all mailboxes nor do they need that access to perform most admin functions in Exchange.  Our permissions are currently set up in a way that allows Domain Admins to access all mailboxes and I would like to remove those permissions.  The problem is that I don't know what the permissions looked like before the change was made here.  I can see that at a mailstore level, Enterprise Admins, Domain Admins, Exchange Admins, Exchange Full Admins, and Exchange Read Only Admins have various permissions set.  Enterprise, Domain, and Exchange Full Admins are currently set to Full Control.  Exchange Admins are set to pretty much everything accept Full Control and Exchange View Only is set to Read, Execute, Read Permissions, List Contents, Read Properties, List Object, and View information store status.  I don't want to just rip the permissions out of there without making sure that I will not be breaking anything in Exchange.  I'm also not sure where all of the permissions would be that I need to modify for this change.
denverjayeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave StringfellowIT managerCommented:
Ok, the permissions are at stop level, so all you need to do is open up security in the mailbox store, then you will probably have the domain admins in the list. click that, and go all the way tot he bottom, and set the send as and recive as to Deny. This should fix any issues you have,

Good luck :)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
denverjayeAuthor Commented:
Thank you for your reply.  I need to make sure that domain admins cannot even open another mailbox other than their own.  I think your solution above only really makes it so that domain admins wouldn't be able to send and receive mail.  Although I may be wrong there...
0
Dave StringfellowIT managerCommented:
aye, but this will stop the access too
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.