Solved

Prohibit Users from viewing Exchange 2010 Archive Mailboxes in Outlook and OWA

Posted on 2012-04-12
7
526 Views
Last Modified: 2012-04-16
Background: Company is transitioning from Exchange Server 2007 SP2 environment to Exchange Server 2010 SP2 Rollup 1.   The company has purchased Exchange 2010 Enterprise CALs for all users. The company wants all mail to be retained for 7 years which the users cannot move, delete, or view in Outlook or OWA.  The Exchange administrators are obviously supposed to have this privilege but no other users.  

Question: Is it possible and if so how is it accomplished to configure Exchange 2010 archive mailboxes to not be visible by Outlook or OWA for non designated Exchange admins?
0
Comment
Question by:advserver
7 Comments
 
LVL 47

Expert Comment

by:apache09
ID: 37841141
"for non designated Exchange admins"

Obviously if they are exchange admins, they are going to have the access.

You could remove the Domain Admin or Exchange Admin from permissions on the mailboxes.

Then only add the specific users, whom are required to have access.


However, I beleive the key factor here is non-designated Exchange Admin(s)

If they are an exchange admin, if they really want access to it, all they need to do is re-add themselves.

If these particular users need to be restricted from viewing such Mailboxes, perhaps Exchange Admin is not the appropriate role for them
0
 
LVL 4

Author Comment

by:advserver
ID: 37841711
I apologize as I should have been more black and white.  No one is permitted to see their archive mailbox in Outlook or OWA.

Please forget I said Exchange admins as you provided no answer and were simply condescending.  


Scenario:  1500 Exchange 2010 mailboxes with archiving enabled with 1 one of those being an admin  =1499 users who are not permitted to see their archive mailbox in Outlook or OWA.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 37842012
What is the point of having such an archive?

If it is for making sure users won't delete it, they can delete mails even before it goes into archive.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 4

Author Comment

by:advserver
ID: 37842139
The point of such an archive is for legal reasons.  It is a healthcare provider that wants all mail designated by the retention policy to be retained for all users for 7 years. They do not want the users to be able to see their archive mailbox.

If this is not possible that is fine.  I am simply asking if it is and if so how.  Thank you.
0
 
LVL 47

Assisted Solution

by:apache09
apache09 earned 250 total points
ID: 37849426
Thanks for clarifying

Sorry there was no intention of sounding condescending

Because the Archive Mailbox in Exchange 2010 is virtually an additional mailbox created for the specific user, restricting access of this archive for the user, would virtually make it unusable as access would be required for Mail Items to be moved into the Archive.

It would be similar to a user archiving off their email to a PST, with their Read permissons removed from the PST It then becomes Unusable by Outlook/User

I think what you may be looking for is something thats a little bit more robust than the built in archiving of Outlook/Exchange.

Likely to be found in a 3rd party Enterprise Archving Solution.

There are a few out there that are speciically desgined to meet legal or regulatory obligations such as mimosa or GFI

http://www.slipstick.com/exchange/archiving-tools-exchange-server/
0
 
LVL 36

Accepted Solution

by:
Jian An Lim earned 250 total points
ID: 37849539
you are using the archiving in a wrong way.

Archiving do not equal to journaling.
Archiving is designed to reduce the load of an active mailbox.
Journal is designed to retain email for certain of period. (hence compliance with your requirement)

So, the best bet you have is to turn on journaling in exchange
http://technet.microsoft.com/en-us/library/aa998649.aspx

forget about archiving, it is not design for compliance purpose.
I can discuss more if you have any question.
0
 
LVL 4

Author Comment

by:advserver
ID: 37852553
Limjianan and Apache09.  Thank you for your responses.  

When the client stated that they had purchased Enterprise CALs for the archiving and then stated the requirements I was afraid that it would lead to the answers above.  I did not want them to have paid for something they did not need.  There are other features such as Multi-Mailbox Search and Legal Hold which can be taken advantage of though.  

Limjianan, I will look to follow your advice and configure Journaling for all users.  Thank you.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question