[ExchangeList] Re: domain admin can access all mailboxes - exchange 2003

  • From: Patrick <london31uk@xxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Thu, 8 Oct 2009 13:18:04 -0700 (PDT)

Ok, thanks for that


From: Michael B. Smith <michael@xxxxxxxxxxxxxxxxxxxxxxxx>
To: exchangelist@xxxxxxxxxxxxx
Sent: Thu, October 8, 2009 9:10:48 PM
Subject: [ExchangeList] Re: domain admin can access all mailboxes - exchange 2003

It cannot be done with ESM.

 

What I told you is where you look in adsiedit: you look at the Exchange organization object, the Exchange server object, the infostore object on each server…etc.

 

From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Patrick
Sent: Thursday, October 08, 2009 3:11 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: domain admin can access all mailboxes - exchange 2003

 

Thanks

 

Any pointers are to where I would be looking with adsiedit? can this not be done with ESM?

 

Thanks

 


From: Michael B. Smith <michael@xxxxxxxxxxxxxxxxxxxxxxxx>
To: exchangelist@xxxxxxxxxxxxx; msexchange@xxxxxxxxxxxxx
Sent: Thu, October 8, 2009 3:36:34 PM
Subject: [ExchangeList] Re: domain admin can access all mailboxes - exchange 2003

Either at the organization level, the server level, the InfoStore level, or the individual mailbox level someone has put a higher priority “Allow” for Domain Admins than the inherited “Deny”.

 

You need to find the level (using adsiedit normally) where the access control entry was placed and then remove it.

 

From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Patrick
Sent: Thursday, October 08, 2009 9:49 AM
To: exchangelist@xxxxxxxxxxxxx; msexchange@xxxxxxxxxxxxx
Subject: [ExchangeList] domain admin can access all mailboxes - exchange 2003

 

Hi Guys,

 

Not sure how this happened, but domain admin can access all users mailboxes. How can I stop this from happening.

 

Exchange 2003 SP2

 

 

 

Thanks

 

Patrick

 

 


Other related posts: