Solved

I would like Administrative Rights to all/everyones mailboxes in the domain.

Posted on 2013-01-07
7
277 Views
Last Modified: 2013-01-16
We're running Exchange 2007/Win 2K8R2 environment and there's always a daily requirement for Sys Admins to access end users mailboxes but I'm getting prompted with a Windows Login dialogue box first and can't authenticate against AD with our Sys Admin credentials.

What is the work around for this please?
0
Comment
Question by:CTCRM
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:SvenIA
ID: 38750175
0
 
LVL 7

Accepted Solution

by:
SvenIA earned 380 total points
ID: 38750178
Get-Mailboxdatabase | Add-AdPermission -User "Username" -AccessRights GenericAll
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38750198
My only comment wuold be....

Is this written into company policy?
What are the laws in your country/state regarding privicy?
Are all your employees aware that you will have unrestricted/unmonitored access to there email accounts?

Just ensure that you do not breach any privacy/data protection/employment laws.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 2

Author Comment

by:CTCRM
ID: 38750634
Neilsr - The Exchange Servers and Email System/Processes are company property, all email is monitored and scanned for content and filtered for SPAM. The Systems Administrators here are responsible for a number of tasks that require a SysAdmin to do as opposed to a general end user. Some of those tasks could be changing/setting the OOOffice details, granting access to generic mailboxes, changing permissions on individual end user mailboxes etc.

The MSOutlook email platform is the responsibility of the company and you're right there has to be a level of privacy considered but that trust has to sit with the Sys Admins to carry out the logged tasks and no further than that. All employees sign a number of declarations regarding IT Policies in terms of mis-use, privacy, etc so as a department we're covered.

I will give the PS script a run first and also look at the suggested links and will let you know how they go.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38750720
Glad to see you have it all covered in policies and procedures. Some countries take different views on who owns the DATA within an email system unless explicitly stated in a contract of employment.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 38750735
As an example of this see the below explination of the data protection statement on email privacy from the Irish DPA.

4.1 Can my employer access my email or internet usage? / Can I access my employees’ email or internet usage?

More extensive guidance is available on this issue here (http://www.dataprotection.ie/viewdoc.asp?DocID=208).

The advice of this Office is that every employee has a legitimate right to expect a certain amount of privacy in a work context.  The key point is that the employer needs to have a clear policy that is made available to all employees in relation to whether personal use of employee equipment such as email or the internet is allowable.  If an employer does not allow any such use then the employee should not use these systems for their own use.  Such a policy will allow more ready access to an employee’s email and internet records by an employer as the employee should not be making use of them for a personal purpose.  However, even in such circumstances ongoing monitoring is never considered proportionate and access should be in response to a reasonable suspicion.

If the employer’s usage policy does allow some use of equipment for personal purposes then ongoing monitoring of that usage will likely give rise to data protection concerns as the employee is entitled to privacy in relation to that limited personal use.  Any specific access to emails or internet usage should be in response to a specific and reasonable suspicion of inappropriate use of the facilities provided.



SOURCE:  http://www.dataprotection.ie/viewdoc.asp?DocID=634
0
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 38782135
Thanks
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This video discusses moving either the default database or any database to a new volume.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question