Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Admin rights on Mailboxes

Status
Not open for further replies.
LittleFishy

LittleFishy

MIS
Sep 10, 2002
46
GB
What is the best way or software that can restrict the way administrators change mailbox access? We have WAN and two Exchange 2K servers, we currently have a large number of users who have Domain Admin rights and can therefore give themselves access (in active dir) to other user’s emails. My MD wants to stop/restrict or log this, so that an administrator has to get his (MDs) permission to change these rights and if they don't they are committing an offence. A simple way of doing this would be nice and is Server & Exchange 2003 any better? Thanks for any help.
 
Sort by date Sort by votes
You desperately need some IT policies. If you are a publicly held US company, your executives have violated SOX and are subject to criminal penalties up to and including jail time. Turn them in. Immediately after turning in your executives, seek protection under the wistleblower's statues. They can't fire you. Now that the idiots who instituted the policy of giving everyone admin priviledges are gone, take it away. Problem solved.


Each time a user other than the owner of a mailbox accesses a mailbox, event id 1016 is logged in the application log of the exchange server.

 
Upvote 0 Downvote
We are in the UK & as I understand it, if the executives/directors consider an employee to be abusing the system, disclosing company information etc, they can view user’s activities. Our problem is that until we resolve our Domain Admin issues, we want to know if & who has changed rights and possibly reading other users email.
 
Upvote 0 Downvote
we currently have a large number of users who have Domain Admin rights
Click to expand...

What you really need to do is evaluate your entire permission strategy. The list of reasons as to why the above is a bad idea is too long to list. Global administrators are just that, if you want the users to require permission - they have to be basic users.

There is no quick and easy hash solution to your problem.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
3K
DrB0b
DrB0b
PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
3K
PatrickRoggers
PatrickRoggers
stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
3K
Wesaf
Wesaf
ponoodle
  • Locked
  • Question
Disabling OWA for on prem Exchange while in a hybrid envirenment.
Replies
0
Views
3K
ponoodle
ponoodle
DrB0b
  • Locked
  • Question
Exchange 2019 Full Access to all mailboxes
Replies
3
Views
542
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top