RE: Disalow administrator to open other user mailbox.

  • From: "Michael B. Smith" <michael@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sat, 25 Feb 2006 22:41:49 -0500

You need to determine which method was used to grant the extra
permissions.
 
It can be done:
 
1) per mailbox 
2) per store
3) per organization
 
Using ADUC and ADSIedit (or LDP) tree up the Exchange objects to find
the level where the permissions are assigned.
 
By default all members of Domain Admins and Enterprise Admins have an
implicit inherited deny in Exchange 200x and above. In your case, there
is an explicit allow (which may or may not be inherited) overriding the
deny (note that this is one way in which Exchange ACLs behave
differently than NTFS ACLs).
 
To restrict it, you've got to remove the extra permission.

________________________________

From: Manjeet Singh [mailto:Manjeet.Singh@xxxxxxxxxxx] 
Sent: Saturday, February 25, 2006 10:30 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Disalow administrator to open other user
mailbox.


http://www.MSExchange.org/


I have two exchange servers and I am able to user's mailbox using OWA.

 

http://ExchangeServerIP/Exchange/MailboxName

 

I am giving the administrator credential when it asking for password.

 

Is my administrator have extra permissions?? How do I restrict it now ?

 

Thanks,

Manjeet

 

________________________________

From: Martin Blackstone [mailto:MBlackstone@xxxxxxxxxxxxxxxxxx] 
Sent: Saturday, February 25, 2006 7:26 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Disalow administrator to open other user
mailbox.

 

http://www.MSExchange.org/

Unless its 5.5 and the service account is also the admin account.


That said, Michael is totally correct. 

 

________________________________

From: Michael B. Smith [mailto:michael@xxxxxxxxxx] 
Sent: Saturday, February 25, 2006 7:23 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Disalow administrator to open other user
mailbox.

http://www.MSExchange.org/

in the default installation, the exchange administrator cannot open
other user's mailboxes.

 

 

________________________________

From: Manjeet Singh [mailto:Manjeet.Singh@xxxxxxxxxxx] 
Sent: Saturday, February 25, 2006 10:02 PM
To: [ExchangeList]
Subject: [exchangelist] Disalow administrator to open other user
mailbox.

http://www.MSExchange.org/

In default installation exchange administrator can open other users'
mailbox easily.

 

How to restrict the administrator, so that he can not open other user
mailboxes?

 

Thanks, Manjeet

 

 

 

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
michael@xxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
mblackstone@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
Manjeet.Singh@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
michael@xxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx 

Other related posts: