Domain admins are "god" on a system.
As a user, I am unable to access another's email box. As a domain
admin, I am "god" and can.
The better question is..why are you logging in as the domain admin at
home? I log in as user on a system and only log in with domain admin
creds when the task I am doing warrants that.
Last question is.... why don't you trust your domain admins?
Nick Vaernhoej wrote:
Hello all
Can I make sure that domain admins can't access certain people's
mailboxes on an Exchange 2003 server?
>From a securityfocus article:
"Admin is DENIED access to mailboxes (by default), but is easily
changed"
On my home system by default I have access to any mailbox I want because
I am a domain admin so I am not sure what is meant by that statement
from securityfocus.
In AD with advanced view I can remove the domain admin under the persons
security tab. This seems to remove access to (Inbox) but not other
folders such as (Deleted Items). At the same time I lose access to
update their information. And I can just add Domain admins back in. I
have Kiwi alerting on changes made to access changes to exchange
mailboxes so being able to change permissions will be acceptable. By
default Domain Admins should not have the right though.
Any help will be greatly appreciated.
Thank you
Nick
"Quidquid latine dictum sit, altum sonatur."
---------------------------------------------------------------------------
---------------------------------------------------------------------------
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs
---------------------------------------------------------------------------
---------------------------------------------------------------------------
