You need to determine which method was used to grant the extra permissions. It can be done: 1) per mailbox 2) per store 3) per organization Using ADUC and ADSIedit (or LDP) tree up the Exchange objects to find the level where the permissions are assigned. By default all members of Domain Admins and Enterprise Admins have an implicit inherited deny in Exchange 200x and above. In your case, there is an explicit allow (which may or may not be inherited) overriding the deny (note that this is one way in which Exchange ACLs behave differently than NTFS ACLs). To restrict it, you've got to remove the extra permission. ________________________________ From: Manjeet Singh [mailto:Manjeet.Singh@xxxxxxxxxxx] Sent: Saturday, February 25, 2006 10:30 PM To: [ExchangeList] Subject: [exchangelist] RE: Disalow administrator to open other user mailbox. http://www.MSExchange.org/ I have two exchange servers and I am able to user's mailbox using OWA. http://ExchangeServerIP/Exchange/MailboxName I am giving the administrator credential when it asking for password. Is my administrator have extra permissions?? How do I restrict it now ? Thanks, Manjeet ________________________________ From: Martin Blackstone [mailto:MBlackstone@xxxxxxxxxxxxxxxxxx] Sent: Saturday, February 25, 2006 7:26 PM To: [ExchangeList] Subject: [exchangelist] RE: Disalow administrator to open other user mailbox. http://www.MSExchange.org/ Unless its 5.5 and the service account is also the admin account. That said, Michael is totally correct. ________________________________ From: Michael B. Smith [mailto:michael@xxxxxxxxxx] Sent: Saturday, February 25, 2006 7:23 PM To: [ExchangeList] Subject: [exchangelist] RE: Disalow administrator to open other user mailbox. http://www.MSExchange.org/ in the default installation, the exchange administrator cannot open other user's mailboxes. ________________________________ From: Manjeet Singh [mailto:Manjeet.Singh@xxxxxxxxxxx] Sent: Saturday, February 25, 2006 10:02 PM To: [ExchangeList] Subject: [exchangelist] Disalow administrator to open other user mailbox. http://www.MSExchange.org/ In default installation exchange administrator can open other users' mailbox easily. How to restrict the administrator, so that he can not open other user mailboxes? Thanks, Manjeet ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: michael@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: mblackstone@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: Manjeet.Singh@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: michael@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx