Prohibit Users from viewing Exchange 2010 Archive Mailboxes in Outlook and OWA

Background: Company is transitioning from Exchange Server 2007 SP2 environment to Exchange Server 2010 SP2 Rollup 1.   The company has purchased Exchange 2010 Enterprise CALs for all users. The company wants all mail to be retained for 7 years which the users cannot move, delete, or view in Outlook or OWA.  The Exchange administrators are obviously supposed to have this privilege but no other users.  

Question: Is it possible and if so how is it accomplished to configure Exchange 2010 archive mailboxes to not be visible by Outlook or OWA for non designated Exchange admins?
LVL 4
advserverAsked:
Who is Participating?
 
Jian An LimConnect With a Mentor Solutions ArchitectCommented:
you are using the archiving in a wrong way.

Archiving do not equal to journaling.
Archiving is designed to reduce the load of an active mailbox.
Journal is designed to retain email for certain of period. (hence compliance with your requirement)

So, the best bet you have is to turn on journaling in exchange
http://technet.microsoft.com/en-us/library/aa998649.aspx

forget about archiving, it is not design for compliance purpose.
I can discuss more if you have any question.
0
 
apache09Commented:
"for non designated Exchange admins"

Obviously if they are exchange admins, they are going to have the access.

You could remove the Domain Admin or Exchange Admin from permissions on the mailboxes.

Then only add the specific users, whom are required to have access.


However, I beleive the key factor here is non-designated Exchange Admin(s)

If they are an exchange admin, if they really want access to it, all they need to do is re-add themselves.

If these particular users need to be restricted from viewing such Mailboxes, perhaps Exchange Admin is not the appropriate role for them
0
 
advserverAuthor Commented:
I apologize as I should have been more black and white.  No one is permitted to see their archive mailbox in Outlook or OWA.

Please forget I said Exchange admins as you provided no answer and were simply condescending.  


Scenario:  1500 Exchange 2010 mailboxes with archiving enabled with 1 one of those being an admin  =1499 users who are not permitted to see their archive mailbox in Outlook or OWA.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
What is the point of having such an archive?

If it is for making sure users won't delete it, they can delete mails even before it goes into archive.
0
 
advserverAuthor Commented:
The point of such an archive is for legal reasons.  It is a healthcare provider that wants all mail designated by the retention policy to be retained for all users for 7 years. They do not want the users to be able to see their archive mailbox.

If this is not possible that is fine.  I am simply asking if it is and if so how.  Thank you.
0
 
apache09Connect With a Mentor Commented:
Thanks for clarifying

Sorry there was no intention of sounding condescending

Because the Archive Mailbox in Exchange 2010 is virtually an additional mailbox created for the specific user, restricting access of this archive for the user, would virtually make it unusable as access would be required for Mail Items to be moved into the Archive.

It would be similar to a user archiving off their email to a PST, with their Read permissons removed from the PST It then becomes Unusable by Outlook/User

I think what you may be looking for is something thats a little bit more robust than the built in archiving of Outlook/Exchange.

Likely to be found in a 3rd party Enterprise Archving Solution.

There are a few out there that are speciically desgined to meet legal or regulatory obligations such as mimosa or GFI

http://www.slipstick.com/exchange/archiving-tools-exchange-server/
0
 
advserverAuthor Commented:
Limjianan and Apache09.  Thank you for your responses.  

When the client stated that they had purchased Enterprise CALs for the archiving and then stated the requirements I was afraid that it would lead to the answers above.  I did not want them to have paid for something they did not need.  There are other features such as Multi-Mailbox Search and Legal Hold which can be taken advantage of though.  

Limjianan, I will look to follow your advice and configure Journaling for all users.  Thank you.
0
All Courses

From novice to tech pro — start learning today.