Solved

Access to all users mailboxes for a single user

Posted on 2014-03-25
Last Modified: 2014-04-04
Hi,

We've had a request from one of our customers asking for the owner of the company to be able to access any mailbox on the server. The request is below:

"Is it possible to give said user access to every users mailbox please.  She doesn't need them all setting up to view, but just the access rights so she can add and delete the account from her mailbox as and when she needs to check things in other users emails"

Is there a shell command to add access permissions to one user for all users, and if so will it actually add the mailboxes to the user's account or just give them permission to access the mailboxes as and when?

Regards,

James
Question by:YorkData
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39953035
The version of Exchange would help here, because the command used depends on the version. Use the wrong command and every mailbox will be opened in the Outlook client (depending on the version of Exchange).

Hopefully the employees have signed something to state that access to the mailbox could happen without notice. Being owner of the company does not override the law (which will differ from location to location and from business type to type). Blanket permissions to all mailboxes is usually something I strongly recommend against.

Simon.
0
 
LVL 5

Expert Comment

by:Dave Gould
ID: 39953125
For 2010, this should work:
get-mailbox | Add-MailboxPermission -User "BigBoss" -AccessRights fullaccess

But I totally agree with Simon. You are stepping on dodgy ground by giving somebody access to other people's mailboxes. In many countries, you would need to have a strict clause in the terms of engagement in order to be able to "spy" on their email.
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39955892
As an employee, you still have a reasonable expectation of privacy unless, as has been stated, some sort of explicit waiver of right to privacy was signed.

I generally answer this question with a simple "No". Snoop after you let them go if you don't trust them. At that point, the information is yours.

HTH
Gary
0

 

Author Comment

by:YorkData
ID: 39961525
Thanks for the help everyone.

I will speak to our customer and let them know of the possible legal issues in doing this.

I will get back to you with the results.

Regards,

James
0
 

Author Comment

by:YorkData
ID: 39961529
Sorry, it's Exchange 2010
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39961862
If you use the command given above, then you will have problems, because it doesn't include the automapping disable. That means all mailboxes will be opened in Outlook and, depending on how many users there are, that could cause Outlook to crash.

http://technet.microsoft.com/en-us/library/hh529943(v=exchg.141).aspx

Personally I would use this command to set the permission at the database level:

Get-MailboxDatabase | Add-ADPermission -User "UserAccount" -AccessRights ExtendedRight -ExtendedRights Receive-As

Where UserAccount is the name of the account that requires the permission.
Receive As is the same as full mailbox access, and will not cause the auto mapping issue.

Simon.
0
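A way to review and roll back the blanket grants discussed in this thread, as an added example that is not part of the original answers. It assumes the Exchange Management Shell on Exchange 2010 SP1 or later (for mailbox audit logging); the function names are hypothetical and "UserAccount" is the placeholder account name from the answer above.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# "UserAccount" is the placeholder account name used in the accepted answer.
$Delegate = "UserAccount"

# 1. Database-level grants: Receive-As entries held by the account on each database.
function Get-ReceiveAsGrant {
    param([string]$User)
    Get-MailboxDatabase | Get-ADPermission -User $User |
        Where-Object { $_.ExtendedRights -like "Receive-As" } |
        Select-Object Identity, User, ExtendedRights, IsInherited, Deny
}

# 2. Mailbox-level grants: FullAccess entries for the account, as left behind by the
#    per-mailbox Add-MailboxPermission command earlier in the thread.
function Get-FullAccessGrant {
    param([string]$User)
    Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User $User |
        Where-Object { $_.AccessRights -like "FullAccess" } |
        Select-Object Identity, User, AccessRights, IsInherited, Deny
}

# 3. Mailbox audit logging, so non-owner access is recorded once the grant exists.
function Enable-AllMailboxAudit {
    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditEnabled $true
}

# 4. Roll back the database-level grant. Previews with -WhatIf unless -Apply is given.
function Remove-ReceiveAsGrant {
    param([string]$User, [switch]$Apply)
    Get-MailboxDatabase |
        Remove-ADPermission -User $User -AccessRights ExtendedRight `
            -ExtendedRights Receive-As -WhatIf:(-not $Apply)
}

# Report what the account can currently reach, then preview the rollback.
Get-ReceiveAsGrant  -User $Delegate | Format-Table -AutoSize
Get-FullAccessGrant -User $Delegate | Format-Table -AutoSize
Remove-ReceiveAsGrant -User $Delegate

# Uncomment to switch auditing on for every mailbox:
# Enable-AllMailboxAudit
```

Keeping the output of the two report functions with the customer's written request gives a record of exactly which databases and mailboxes the account was granted and when.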
 

Author Closing Comment

by:YorkData
ID: 39978129
The command executed fine. The user hasn't got back to me to confirm that she can access all mailboxes but she hasn't said her Outlook has crashed so I'm assuming it hasn't added all the mailboxes.

Thanks for the help

James
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Outlook for dependable use in a very small business   This article is about using the Outlook application (part of Microsoft Office) in a very small business, or for homeowners where dependability and reliability are critical requirements. This …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question