?
Solved

Exchange 2003 Mailbox permission

Posted on 2009-05-06
5
Medium Priority
?
259 Views
Last Modified: 2012-05-06
I have a problem where everyone can see eveyone elses mailbox is they know how to open them in outlook.  I want to restrict this so only the administrator can open other mailboxes.  How do i do this in exchange.  the last time i did this the stores wouldnt mount and i had to call microsoft to get it fix because i screwed up the permission.
0
Comment
Question by:Matt Pessolano
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24316603
This is very complex.  The first step is to check in the Exchange System Manager and in the Active Directory Users and Computers management console to see if the Everyone group or the Authenticated Users group has been given Send As and Receive As permissions to the entire container.  Check the security settings on the ADUC Users container and also check the permissions in the ESM at the Site, Server and information store levels and post what you find in terms of the Everyone and/or Authenticated Users group.
0
 
LVL 1

Author Comment

by:Matt Pessolano
ID: 24316751
the everyone group under each mailbox store is greyed out and has full control and send and recieve as checked.  i cant find the everyone group in the ADUC.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24316834
First, let's check the Exchange delegation settings - maybe someone delegated the Exchange Full Administrator role to the Everyone group by mistake.  In the ESM, right-click on the top-level object (the Site name) and click Delegate control.  You may get a banner page, click Next and you'll see a list of the delegations that have been made.  If you see the Everyone group there, then remove it.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24320144
This is quite simple.
The only permissions you are worried about are Send As/Receive As or Full Mailbox Access. Nothing else.
Full Control IS NOT a permission to worry about. DO not confuse permissions to the object to permissions to the content. The only two permissions that allow access to the content are the two above.

If everyone has send as/receive as then that is how the access is being granted. If it is greyed out then it is being inherited from somewhere. You need to find out where. I would suspect at the store level. Look at the properties of the mailbox store and the server itself, looking at the security tab.
If you find the permissions there, then remove JUST the Send As/Receive As. DO NOT remove the entire Everyone setting, as that will cause problems - ie lock you out of Exchange.

Simon.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
New style of hardware planning for Microsoft Exchange server.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question