[ExchangeList] Re: allow a domain admin to access emails via outlook

  • From: "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 11 Jan 2007 13:48:00 -0800


I completely agree with you regarding the security issue but this is a
special case and it would be for testing. I would try your suggestion
and see if it helps. Thanks 



From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
Sent: Thursday, January 11, 2007 1:41 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: allow a domain admin to access emails via


You might want to rethink your design.  Domain Admins should never have
a mailbox, they should not even be reading an email, it's a security
breach.  You should never have anyone logging in as a Domain Admin and
performing day to day activities such as reading eamil, working with
documents, surfing, etc, it's a security breach.  You've opened up your
network to all the little nasties out there.


You should have an account identical to all other users on your network
(the least amount of rights possible to allow productivity), you use
that account all the time.  You then have a seperate account that is
your Admin account, only (I mean ONLY!!!!) used for administrative
duties and never logged into a PC.  Use it to login to a server, but
never a workstation that the general user population has access to,
including yours.  Always login as your normal account and if you need
elevated rights use a "Run As" to launch the tool you need with your
admin account rights.


As for your question, go into ADUC, insure advanced options is checked
under the view menu, go to that user and select the Exchange Advanced
tab, click the Mailbox Rights button and grant the user rights.


George Taylor

Systems Programmer

Regional Health Inc.





From: Ara Avvali [mailto:Ara.Avvali@xxxxxxxxxxxxx] 
Sent: Thursday, January 11, 2007 2:16 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] allow a domain admin to access emails via


I have a scenario that I should be able to read emails to an account
which is a domain admin. As we know domain admins are denied to read
other users mail box. So what is the proper way to allow a single domain
admin account to access it's own mail box with outlook and not others? I
followed this article but no luck. If I login to a xp sp2 system with
the domain admin account and create an outlook profile to access the
mail box, it keeps asking for password


***Note: The information contained in this message, including any
attachments, may be privileged, confidential, and protected from
disclosure. If the reader of this message is not the intended recipient,
or an employee or agent responsible for delivering this message to the
intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If
you have received this communication in error, please notify the Sender
immediately by a "reply to sender only" message and destroy all
electronic or paper copies of the communication, including any

Other related posts: