RE: Domain admin mailbox rights on Exchange 2003

---

• From: "Miha Pihler" <Miha.Pihler@xxxxxx>
• Date: Tue, 1 Aug 2006 19:58:21 +0200

---

Hi,

Default installation of Exchange will not allow administrators to access
other user's mailboxes. Domain admins would actually have to go either
to Active Directory Users and Computer and give themselves permissions
to another mailbox or if they have access to Exchange System Manager
(ESM) they could grant themselves permissions there.

Mike

-----Original Message-----
From: Nick Vaernhoej [mailto:nick.vaernhoej@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 01, 2006 4:53 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Domain admin mailbox rights on Exchange 2003

Hello all

Can I make sure that domain admins can't access certain people's
mailboxes on an Exchange 2003 server?

From a securityfocus article:

"Admin is DENIED access to mailboxes (by default), but is easily
changed"
On my home system by default I have access to any mailbox I want because
I am a domain admin so I am not sure what is meant by that statement
from securityfocus.

In AD with advanced view I can remove the domain admin under the persons
security tab. This seems to remove access to (Inbox) but not other
folders such as (Deleted Items). At the same time I lose access to
update their information. And I can just add Domain admins back in. I
have Kiwi alerting on changes made to access changes to exchange
mailboxes so being able to change permissions will be acceptable. By
default Domain Admins should not have the right though.

Any help will be greatly appreciated.

Thank you

Nick
"Quidquid latine dictum sit, altum sonatur."

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------

---

• References:
  • Domain admin mailbox rights on Exchange 2003
    • From: Nick Vaernhoej

• Prev by Date: Re: Domain admin mailbox rights on Exchange 2003
• Next by Date: Re: Domain admin mailbox rights on Exchange 2003
• Previous by thread: Re: Domain admin mailbox rights on Exchange 2003
• Next by thread: Re: Domain admin mailbox rights on Exchange 2003
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Exmerge Help ... As a workaround...Remove deny from Receive As and Send As permissions at the Organization Level on Domain Admins and Enterprise ... GROUP/MAILBOX STORE '. ... All mailboxes will be processed, ... (microsoft.public.exchange2000.general) Re: Disabling the open other users folder feature ... I, too, have a recent install of Exchange ... I used all of the defaults from the setup. ... full access to all other users' mailboxes. ... users, including Domain Admins were, by default, granted the ability to tinker ... (microsoft.public.exchange.admin) Re: access folders on the M: drive ... Typically Domain Admins do NOT have the ability to open other mailboxes ... specifically denied to the person who installed Exchange. ... by default nobody has access to the users mailbox except the ... (microsoft.public.exchange2000.win2000) Re: Exclude a Domain Admin from having admin rights in an Exchange 2003 environment? ... Sure you can remove the Domain Admins from having permissions in Exchange, ... accounts are created. ... (microsoft.public.exchange.admin) Re: Exchange Mailbox created by users without Exchange access ... permissions. ... They are simple domain admins. ... The users do not even get a prompt about which exchange ... the mailbox and then the default naming convention is corrected. ... (microsoft.public.exchange.admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)