Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

I would like Administrative Rights to all/everyones mailboxes in the domain.

Posted on 2013-01-07
7
Medium Priority
?
281 Views
Last Modified: 2013-01-16
We're running Exchange 2007/Win 2K8R2 environment and there's always a daily requirement for Sys Admins to access end users mailboxes but I'm getting prompted with a Windows Login dialogue box first and can't authenticate against AD with our Sys Admin credentials.

What is the work around for this please?
0
Comment
Question by:CTCRM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Accepted Solution

by:
SvenIA earned 1140 total points
ID: 38750178
Get-Mailboxdatabase | Add-AdPermission -User "Username" -AccessRights GenericAll
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38750198
My only comment wuold be....

Is this written into company policy?
What are the laws in your country/state regarding privicy?
Are all your employees aware that you will have unrestricted/unmonitored access to there email accounts?

Just ensure that you do not breach any privacy/data protection/employment laws.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 2

Author Comment

by:CTCRM
ID: 38750634
Neilsr - The Exchange Servers and Email System/Processes are company property, all email is monitored and scanned for content and filtered for SPAM. The Systems Administrators here are responsible for a number of tasks that require a SysAdmin to do as opposed to a general end user. Some of those tasks could be changing/setting the OOOffice details, granting access to generic mailboxes, changing permissions on individual end user mailboxes etc.

The MSOutlook email platform is the responsibility of the company and you're right there has to be a level of privacy considered but that trust has to sit with the Sys Admins to carry out the logged tasks and no further than that. All employees sign a number of declarations regarding IT Policies in terms of mis-use, privacy, etc so as a department we're covered.

I will give the PS script a run first and also look at the suggested links and will let you know how they go.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38750720
Glad to see you have it all covered in policies and procedures. Some countries take different views on who owns the DATA within an email system unless explicitly stated in a contract of employment.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38750735
As an example of this see the below explination of the data protection statement on email privacy from the Irish DPA.

4.1 Can my employer access my email or internet usage? / Can I access my employees’ email or internet usage?

More extensive guidance is available on this issue here (http://www.dataprotection.ie/viewdoc.asp?DocID=208).

The advice of this Office is that every employee has a legitimate right to expect a certain amount of privacy in a work context.  The key point is that the employer needs to have a clear policy that is made available to all employees in relation to whether personal use of employee equipment such as email or the internet is allowable.  If an employer does not allow any such use then the employee should not use these systems for their own use.  Such a policy will allow more ready access to an employee’s email and internet records by an employer as the employee should not be making use of them for a personal purpose.  However, even in such circumstances ongoing monitoring is never considered proportionate and access should be in response to a reasonable suspicion.

If the employer’s usage policy does allow some use of equipment for personal purposes then ongoing monitoring of that usage will likely give rise to data protection concerns as the employee is entitled to privacy in relation to that limited personal use.  Any specific access to emails or internet usage should be in response to a specific and reasonable suspicion of inappropriate use of the facilities provided.



SOURCE:  http://www.dataprotection.ie/viewdoc.asp?DocID=634
0
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 38782135
Thanks
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question