Kent
03-01-2000, 11:26 AM
How can I configure Exchange so that Domain Admins and NT Admins cannot view/delete/send emails on everyones mailboxes via Outlook 2000 and OWA? It looks like the default installation allows this.
Click to See Complete Forum and Search --> : Mailbox security & NT Administrators
John Dailey
03-10-2000, 08:57 AM
Kent,
Check the permissions tab on your Organization, Site, and Configuration containers in Exchange Administrator. Any Group or Account with the role "Service Account Admin" is able to do as you described. Getting rid of the inappropriate accounts and/or groups will fix this. Just be sure to NOT remove your Exchange Service account.
John Dailey
Lead Messaging Analyst
Indiana University Information Technology Services
Messaging Team
------------
Kent at 3/1/00 12:26:57 PM
How can I configure Exchange so that Domain Admins and NT Admins cannot view/delete/send emails on everyones mailboxes via Outlook 2000 and OWA? It looks like the default installation allows this.
Check the permissions tab on your Organization, Site, and Configuration containers in Exchange Administrator. Any Group or Account with the role "Service Account Admin" is able to do as you described. Getting rid of the inappropriate accounts and/or groups will fix this. Just be sure to NOT remove your Exchange Service account.
John Dailey
Lead Messaging Analyst
Indiana University Information Technology Services
Messaging Team
------------
Kent at 3/1/00 12:26:57 PM
How can I configure Exchange so that Domain Admins and NT Admins cannot view/delete/send emails on everyones mailboxes via Outlook 2000 and OWA? It looks like the default installation allows this.
Kent
03-10-2000, 11:22 AM
John,
Thanks, your suggestion resolved our problem and I feel much more comfortable with our Exchange configuration.
Thank You,
Kent
------------
John Dailey at 3/10/00 9:57:27 AM
Kent,
Check the permissions tab on your Organization, Site, and Configuration containers in Exchange Administrator. Any Group or Account with the role "Service Account Admin" is able to do as you described. Getting rid of the inappropriate accounts and/or groups will fix this. Just be sure to NOT remove your Exchange Service account.
John Dailey
Lead Messaging Analyst
Indiana University Information Technology Services
Messaging Team
------------
Kent at 3/1/00 12:26:57 PM
How can I configure Exchange so that Domain Admins and NT Admins cannot view/delete/send emails on everyones mailboxes via Outlook 2000 and OWA? It looks like the default installation allows this.
Thanks, your suggestion resolved our problem and I feel much more comfortable with our Exchange configuration.
Thank You,
Kent
------------
John Dailey at 3/10/00 9:57:27 AM
Kent,
Check the permissions tab on your Organization, Site, and Configuration containers in Exchange Administrator. Any Group or Account with the role "Service Account Admin" is able to do as you described. Getting rid of the inappropriate accounts and/or groups will fix this. Just be sure to NOT remove your Exchange Service account.
John Dailey
Lead Messaging Analyst
Indiana University Information Technology Services
Messaging Team
------------
Kent at 3/1/00 12:26:57 PM
How can I configure Exchange so that Domain Admins and NT Admins cannot view/delete/send emails on everyones mailboxes via Outlook 2000 and OWA? It looks like the default installation allows this.
keith
03-14-2000, 12:47 PM
the permissions assigned in exchange are completely independent of the permissions assigned in NT. Unless a particular domain admin or an NT group is given permissions in Exchange, they will not be able to open another user's mailbox.
------------
Kent at 3/1/00 12:26:57 PM
How can I configure Exchange so that Domain Admins and NT Admins cannot view/delete/send emails on everyones mailboxes via Outlook 2000 and OWA? It looks like the default installation allows this.
------------
Kent at 3/1/00 12:26:57 PM
How can I configure Exchange so that Domain Admins and NT Admins cannot view/delete/send emails on everyones mailboxes via Outlook 2000 and OWA? It looks like the default installation allows this.
Serverwatch.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.