Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Denying access to a specific mailbox

Status
Not open for further replies.
sneeland

sneeland

MIS
Jan 27, 2004
49
US
We want to restrict access to a specific mailbox to only the person assigned to the mailbox and a specific security admin. We do not want exchange admins or domain admins to access the mailbox. I realize I can select the 'Deny' box on the security tab from A/D, but the problem is that if the mailbox belongs to a Domain Admin, and I say Domain Admins are denied access, then he will not be able to get to his own mailbox.

Ideally I would like to remove some entries from the access list for that specific mailbox only. It is inheriting permissions from the parent. Unlike files & folders, I cannot turn of permission inheritance from the parent for this specific mailbox only.

If anyone knows how I can turn off the permission inheritance for this specific mailbox only then it would be greatly appreciated!!!

Thanks!
Steve
 
Sort by date Sort by votes
Use Active Directory Users & Computers. Turn on Show Advanced Features. View the properties of the user. You will now have a Security tab and can restrict access as needed.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
That is our normal method to grant access to a mailbox to someone else and that works fine. If I want to restrict access for Domain Admins to access the mailbox, and that person is in the Domain Admins group also, security gives precidence to the Deny and will not let the Domain Admin access his own mailbox, so I cannot Deny access to the Domain Admins. Now if I could turn off the security permissions being inherited from the 'parent' then delete the Domain Admins entry from that security access list for that specific Domain Admin's mailbox then it should work as desired.

Anything else I could try?

Thanks!
Steve
 
Upvote 0 Downvote
I am curious why you are so concerned with restricting the domain admins when with domain admin rights they could easily bypass this restriction. Seems to me you are spinning your wheels for nothing. Do you find you really have a problem with Admins trying to spy on people? If so get Admins you can trust.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Preachin to the choir....

Sometimes "Cant do it" is a vslid answer. I think I have shown them enough to make my point that technically it can't be done (easily) and that their management issue may have to be addressed differently.

But if anyone does have a technical solution....

Stave

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

BroBias
  • Locked
  • Question
mailbox databases dismounting frequently without followable reason
Replies
1
Views
3K
BroBias
BroBias
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
3K
DrB0b
DrB0b
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
3K
Brent Fletcher
Brent Fletcher
PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
3K
PatrickRoggers
PatrickRoggers
Satishkumar007
  • Locked
  • Question
Help needed to recover after complete site failure
Replies
0
Views
3K
Satishkumar007
Satishkumar007

Part and Inventory Search

Sponsor

Back
Top