
How to deny domain admins access to mailboxes

Status
Not open for further replies.

hawika

IS-IT--Management
May 6, 2002
2
DE
Usually domain admins have a deny-right for send as and receive as regarding the mailboxes of other users.
But the same domain admins are able to change these ACLs.

How can I prevent everybody (that means all admins) from viewing the mails in the mailbox after changing the default deny for send as and receive as?


Hans
 
We had Microsoft write us a script for this. Full control by a domain admin.
"That is by design"
 
Instead of taking a preventative, just turn on auditing and audit group/user management. If a user changes rights, you have an audit log which can let you know who did it and when; you don't want those people working for you.

Rob
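
The audit-and-review approach suggested in the post above, as an added example that is not part of the original thread: it scans exported permission-change records and flags an admin granting themselves Send As / Receive As on someone else's mailbox, or the default deny being removed for an admin group. The CSV layout, the field names, the `deny-removed` action value and all account names are assumptions constructed for this sketch, not a real Windows or Exchange log format.

```python
import csv
import io

# Constructed sample records in a simplified CSV layout (an assumption for this
# example, not the real Windows/Exchange event schema).
# actor = who made the change, trustee = who the ACL entry applies to.
SAMPLE_AUDIT_CSV = """\
time,actor,mailbox,trustee,right,action
2002-05-06T09:12:00,CORP\\helpdesk1,CORP\\jsmith,CORP\\jsmith-assistant,Send As,allow
2002-05-06T22:41:10,CORP\\admin7,CORP\\ceo,CORP\\admin7,Receive As,allow
2002-05-06T22:41:12,CORP\\admin7,CORP\\ceo,CORP\\admin7,Send As,allow
2002-05-07T08:03:55,CORP\\admin2,CORP\\finance,Domain Admins,Receive As,deny-removed
2002-05-07T10:15:00,CORP\\admin3,CORP\\admin3,CORP\\admin3,Send As,allow
"""

SENSITIVE_RIGHTS = {"send as", "receive as"}
ADMIN_GROUPS = {"domain admins", "enterprise admins"}


def review(csv_text):
    """Return (time, actor, mailbox, right, reason) for changes worth a look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["right"].strip().lower() not in SENSITIVE_RIGHTS:
            continue
        actor = row["actor"].strip().lower()
        trustee = row["trustee"].strip().lower()
        mailbox = row["mailbox"].strip().lower()
        action = row["action"].strip().lower()
        if action == "allow" and actor == trustee and actor != mailbox:
            # The person who changed the ACL is also the one who gained access.
            reason = "self-grant on another user's mailbox"
        elif action == "deny-removed" and trustee in ADMIN_GROUPS:
            # The default deny for admins was taken off this mailbox.
            reason = "default deny removed for admin group"
        else:
            continue
        findings.append(
            (row["time"], row["actor"], row["mailbox"], row["right"], reason)
        )
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_AUDIT_CSV):
        print(" | ".join(finding))
```
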
 
Here is why it is by design.

If you're a domain admin you have enough rights to add yourself back. Basically make only trustworthy people admins.

Dan
Microsoft Exchange Support @ Microsoft
 
I understand that component but I don't agree with the permissions and send as. Maybe you will know this Xybertron, why is it that when you want to give a user permissions to another user's mailbox through ESM, the only way you can have the user open the other user's mailbox is with full control, but this also gives him send as. Under security, you should be able to deny send as. It does not work. In 5.5, you had this functionality. The only way I have found to accomplish this is to log onto the resource mailbox and grant MAPI level permissions.
???
Thanks
Paul.
 
Domain admins have control of the servers within their domain. All you'll be doing is presenting him a new challenge to overcome.
 
In Exchange 5.5, these permissions were clearly defined. In 2000, the AD engineer did not take this into consideration. I am beyond this issue now. I just want to know about the managing of a resource mailbox through Active Directory Users and Computers permissions. I did not mean the ESM for managing the permissions on a mailbox.
 