Prohibit Users from viewing Exchange 2010 Archive Mailboxes in Outlook and OWA

Background: Company is transitioning from Exchange Server 2007 SP2 environment to Exchange Server 2010 SP2 Rollup 1.   The company has purchased Exchange 2010 Enterprise CALs for all users. The company wants all mail to be retained for 7 years which the users cannot move, delete, or view in Outlook or OWA.  The Exchange administrators are obviously supposed to have this privilege but no other users.  

Question: Is it possible and if so how is it accomplished to configure Exchange 2010 archive mailboxes to not be visible by Outlook or OWA for non designated Exchange admins?
LVL 4
advserverAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

apache09Commented:
"for non designated Exchange admins"

Obviously if they are exchange admins, they are going to have the access.

You could remove the Domain Admin or Exchange Admin from permissions on the mailboxes.

Then only add the specific users, whom are required to have access.


However, I beleive the key factor here is non-designated Exchange Admin(s)

If they are an exchange admin, if they really want access to it, all they need to do is re-add themselves.

If these particular users need to be restricted from viewing such Mailboxes, perhaps Exchange Admin is not the appropriate role for them
0
advserverAuthor Commented:
I apologize as I should have been more black and white.  No one is permitted to see their archive mailbox in Outlook or OWA.

Please forget I said Exchange admins as you provided no answer and were simply condescending.  


Scenario:  1500 Exchange 2010 mailboxes with archiving enabled with 1 one of those being an admin  =1499 users who are not permitted to see their archive mailbox in Outlook or OWA.
0
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
What is the point of having such an archive?

If it is for making sure users won't delete it, they can delete mails even before it goes into archive.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

advserverAuthor Commented:
The point of such an archive is for legal reasons.  It is a healthcare provider that wants all mail designated by the retention policy to be retained for all users for 7 years. They do not want the users to be able to see their archive mailbox.

If this is not possible that is fine.  I am simply asking if it is and if so how.  Thank you.
0
apache09Commented:
Thanks for clarifying

Sorry there was no intention of sounding condescending

Because the Archive Mailbox in Exchange 2010 is virtually an additional mailbox created for the specific user, restricting access of this archive for the user, would virtually make it unusable as access would be required for Mail Items to be moved into the Archive.

It would be similar to a user archiving off their email to a PST, with their Read permissons removed from the PST It then becomes Unusable by Outlook/User

I think what you may be looking for is something thats a little bit more robust than the built in archiving of Outlook/Exchange.

Likely to be found in a 3rd party Enterprise Archving Solution.

There are a few out there that are speciically desgined to meet legal or regulatory obligations such as mimosa or GFI

http://www.slipstick.com/exchange/archiving-tools-exchange-server/
0
Jian An LimSolutions ArchitectCommented:
you are using the archiving in a wrong way.

Archiving do not equal to journaling.
Archiving is designed to reduce the load of an active mailbox.
Journal is designed to retain email for certain of period. (hence compliance with your requirement)

So, the best bet you have is to turn on journaling in exchange
http://technet.microsoft.com/en-us/library/aa998649.aspx

forget about archiving, it is not design for compliance purpose.
I can discuss more if you have any question.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
advserverAuthor Commented:
Limjianan and Apache09.  Thank you for your responses.  

When the client stated that they had purchased Enterprise CALs for the archiving and then stated the requirements I was afraid that it would lead to the answers above.  I did not want them to have paid for something they did not need.  There are other features such as Multi-Mailbox Search and Legal Hold which can be taken advantage of though.  

Limjianan, I will look to follow your advice and configure Journaling for all users.  Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.