Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 282
  • Last Modified:

I would like Administrative Rights to all/everyones mailboxes in the domain.

We're running Exchange 2007/Win 2K8R2 environment and there's always a daily requirement for Sys Admins to access end users mailboxes but I'm getting prompted with a Windows Login dialogue box first and can't authenticate against AD with our Sys Admin credentials.

What is the work around for this please?
0
CTCRM
Asked:
CTCRM
  • 3
  • 2
  • 2
1 Solution
 
SvenIACommented:
Get-Mailboxdatabase | Add-AdPermission -User "Username" -AccessRights GenericAll
0
 
Neil RussellTechnical Development LeadCommented:
My only comment wuold be....

Is this written into company policy?
What are the laws in your country/state regarding privicy?
Are all your employees aware that you will have unrestricted/unmonitored access to there email accounts?

Just ensure that you do not breach any privacy/data protection/employment laws.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
CTCRMInfrastructure EngineerAuthor Commented:
Neilsr - The Exchange Servers and Email System/Processes are company property, all email is monitored and scanned for content and filtered for SPAM. The Systems Administrators here are responsible for a number of tasks that require a SysAdmin to do as opposed to a general end user. Some of those tasks could be changing/setting the OOOffice details, granting access to generic mailboxes, changing permissions on individual end user mailboxes etc.

The MSOutlook email platform is the responsibility of the company and you're right there has to be a level of privacy considered but that trust has to sit with the Sys Admins to carry out the logged tasks and no further than that. All employees sign a number of declarations regarding IT Policies in terms of mis-use, privacy, etc so as a department we're covered.

I will give the PS script a run first and also look at the suggested links and will let you know how they go.
0
 
Neil RussellTechnical Development LeadCommented:
Glad to see you have it all covered in policies and procedures. Some countries take different views on who owns the DATA within an email system unless explicitly stated in a contract of employment.
0
 
Neil RussellTechnical Development LeadCommented:
As an example of this see the below explination of the data protection statement on email privacy from the Irish DPA.

4.1 Can my employer access my email or internet usage? / Can I access my employees’ email or internet usage?

More extensive guidance is available on this issue here (http://www.dataprotection.ie/viewdoc.asp?DocID=208).

The advice of this Office is that every employee has a legitimate right to expect a certain amount of privacy in a work context.  The key point is that the employer needs to have a clear policy that is made available to all employees in relation to whether personal use of employee equipment such as email or the internet is allowable.  If an employer does not allow any such use then the employee should not use these systems for their own use.  Such a policy will allow more ready access to an employee’s email and internet records by an employer as the employee should not be making use of them for a personal purpose.  However, even in such circumstances ongoing monitoring is never considered proportionate and access should be in response to a reasonable suspicion.

If the employer’s usage policy does allow some use of equipment for personal purposes then ongoing monitoring of that usage will likely give rise to data protection concerns as the employee is entitled to privacy in relation to that limited personal use.  Any specific access to emails or internet usage should be in response to a specific and reasonable suspicion of inappropriate use of the facilities provided.



SOURCE:  http://www.dataprotection.ie/viewdoc.asp?DocID=634
0
 
CTCRMInfrastructure EngineerAuthor Commented:
Thanks
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now