When I right-click the server in ESM and look at the Security tab, it says it's inheriting permissions from above. From what, though? Where above the server level would I change the security?
The solution has to access the mailbox without the user's permission. We're a school district, and virtually everything in a mailbox is public record, anyhow. But there are occasions where I'm asked by my bosses to look in someone's mailbox. Currently, I do that via OWA and login as them. But I don't always know what their password is, so I need an alternate method. John From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, May 08, 2008 1:19 PM To: MS-Exchange Admin Issues Subject: RE: Can't Open Other Users' Mailboxes By default Enterprise Admins and IIRC Domain admins are explicitly denied access to users mailboxes. Check the following link for some info on how to do give an account full access to mailboxes. http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.h tm Also check out this link: http://support.microsoft.com/?id=259221 which explains how to add the security tab to all objects in System Manager. However if you need to open only one folder in a users mailbox then get that user to manually give you permission on the specific folder which should work. This is a MAPI permissions thing versus an AD permissions thing. Also check out the Microsoft article on MAPI and AD permissions. http://technet.microsoft.com/en-us/library/bb124223.aspx If you are trying to open the entire mailbox without the user being aware then there are potential privacy and legal compliance issues to be aware of. What I've done is I've created a separate User account that I can on an ad hoc basis give access to other mailboxes for the time I need and then remove it when I'm done. This account is not a member of any of the domain admin or enterprise admin groups. Best of luck with this. Regards Peter Johnson From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] Sent: 08 May 2008 18:37 To: MS-Exchange Admin Issues Subject: Re: Can't Open Other Users' Mailboxes Yes, explicit deny overrides implicit allow. On Thu, May 8, 2008 at 11:17 AM, John Hornbuckle <[EMAIL PROTECTED]> wrote: I'm using Outlook 2007, connected to our Exchange 2003 server. I'm trying to access another user's mailbox from my Outlook profile, which I've never done before. I'm selecting "File" -> "Open" -> "Other User's Folder", picking the user from the GAL, selecting their Inbox, and clicking "OK." I get: "Cannot display the folder. The Inbox folder cannot be found." >From what I've found on Google, this sounds like a permissions issue. I'm not sure what permissions to change to fix it, though. From ESM I've looked at the server's permissions, which grand Full Control to Enterprise Admins (which my account is a member of). I checked the mailbox store's security, and Enterprise Admins appear to have full control there, too. But when I check the individual mailboxes, Enterprise Admins have everything set to "Allow", but has "Deny" checked for "Full Mailbox Access." Is this the problem? And if so, how do I fix it? I can't seem to change the permissions on the individual mailboxes, which makes me think those are being inherited from higher up. But where? When I look at the mailbox store, I see that security is configured to deny Send As and Receive As to Enterprise Admins. But that shouldn't keep me from being able to look at the mailboxes, should it? I'm sure this is just an issue of me misunderstanding Exchange's security. John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke Disclaimer: The Development Bank of Southern Africa exercises no control over information contained in any e-mail message originating from within the organisation. The Bank makes no representation relating to the completeness or accuracy and accepts no responsibility for any loss, damage or liability that is incurred by reliance on the content hereof by the recipient or any other party. Each page attached hereto must also be read in conjunction with any disclaimer, which forms part of it. Confidentiality: The e-mail is privileged and confidential and for use of the addressee only. Should you have received this e-mail in error, please return it to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> . Dissemination, disclosure, copying or any similar actions of the content of this e-mail is strictly prohibited. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
