[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 342
  • Last Modified:

Access to all users mailboxes for a single user

Hi,

We've had a request from one of customers asking for owner of the company to be able to access any mailbox on the server. The request is below:

"Is it possible to give said user access to every users mailbox please.  She doesn't need them all setting up to view, but just the access rights so she can add and delete the account from her mailbox as and when she needs to check things in other users emails"

Is there a shell command to add access permissions to one user for all users, and if so will it actually add the mailboxes to the users account or just give them permission to access the mailboxes as and when?

Regards,

James
0
YorkData
Asked:
YorkData
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Version of Exchange would help here, because depending on the version depends on the command used. Use the wrong command and every mailbox will be opened in the Outlook client (depending on the version of Exchange).

Hopefully the employees have signed something to state that access to the mailbox could happen without notice. Being owner of the company does not override the law (which will differ from location to location and from business type to type). Blanket permissions to all mailboxes is usually something I strongly recommend against.

Simon.
0
 
Dave GouldOnsite SupportCommented:
For 2010, this should work:
get-mailbox | Add-MailboxPermission -User "BigBoss" -AccessRights fullaccess

But I totally agree with Simon. You are stepping on dodgy ground by giving somebody access to other peoples mailboxes. In many countries, you would need to have a strict clause in the terms of engagement in order to be able to "spy" on their email.
0
 
Gary ColtharpSr. Systems EngineerCommented:
As an employee, you still have a reasonable expectation of privacy unless, as has been stated, some sort of explicit waiver of right to privacy was signed.

I generallly answer this question with a simple "No". Snoop after you let them go if you don't trust them. At that point, the information is yours.

HTH
Gary
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
YorkDataAuthor Commented:
Thanks for the help everyone.

I will speak to our customer and let them know of the possible legal issues in doing this.

I will get back to you with the results.

Regards,

James
0
 
YorkDataAuthor Commented:
Sorry it's exchange 2010
0
 
Simon Butler (Sembee)ConsultantCommented:
If you use the command give above, then you will have problems, because it doesn't include the automapping disable. That means all mailboxes will be opened in Outlook and depending on how many users there, that could cause Outlook to crash.

http://technet.microsoft.com/en-us/library/hh529943(v=exchg.141).aspx

Personally I would use this command to set the permission at the database level:

Get-MailboxDatabase | Add-ADPermission -User "UserAccount" -AccessRights ExtendedRight -ExtendedRights Receive-As

Where UserAccount is the name of the account that requires the permission.
Receive As is the same as full mailbox access, and will not cause the auto mapping issue.

Simon.
0
 
YorkDataAuthor Commented:
The command executed fine. The user hasn't got back to me to confirm that she can access all mailboxes but she hasn't said her Outlook has crashed so I'm assuming it hasn't added all the mailboxes.

Thanks for the help

James
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now