Q
Problem solve Get help with specific problems with your technologies, process and projects.

Who has full Exchange Server mailbox access and permissions?

Find out how to determine who has permissions to access all Exchange Server mailboxes and how to restrict these permissions in an Exchange 2003 site.

Has Microsoft designed Exchange Server 2003 to allow all users to view other users' email in their inboxes? If not all users, what about any user with certain privileges -- like a domain administrator? If so, how can I prevent this? And how can I prove this has happened? Is there a log?
In Exchange 5.5, the Exchange Service account had permissions to access all mailboxes in an Exchange Site. In Exchange 2000 and 2003, Microsoft has explicitly denied access to administrative accounts, including domain administrators, enterprise administrators and Exchange full administrators. Only a group called Self, which is the user object being configured, has full mailbox access.

However, a regular domain user account can be delegated access to a folder like Calendar, or the entire mailbox, by the user or an administrator. The good news is that anytime a user who is not "Self" accesses a mailbox, then a 1016 event is generated in the Application log by Exchange.

Do you have comments on this Ask the Expert Q&A? Let us know.

Related information from SearchExchange.com:

  • Tip: Establishing mailbox audit trails on Exchange Server
  • Reference Center: Microsoft Exchange permissions
  • This was last published in September 2005

    Dig Deeper on Legacy Exchange Server versions

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.

    -ADS BY GOOGLE

    SearchServerVirtualization

    SearchCloudComputing

    SearchSQLServer

    SearchEnterpriseDesktop

    SearchVirtualDesktop

    Close