Exchange Root Permissions
I have recently taken over the administration of an Exchange 2003 Organisation. A number of the permissions set in the root of the Exchange Organisation are inherited from the parent object. What is this parent object? I initially thought it may be the AD container "Microsoft Exchange System Objects" but when I made changes to this they weren't propagated down to the root Exchange folder.
January 15th, 2008 1:47pm

"If your logon account is the Administrator account or is a member of the Domain Admins or Enterprise Admins groups, then you are explicitly denied access to all mailboxes other than your own, even if you otherwise have full administrative rights over the Exchange system. All Exchange Server 2003 administrative tasks can be performed without having to grant an administrator sufficient rights to read other people's mail.

You can override this default restriction in several ways, but do so only in accordance with your organization's security and privacy policies. Frequently, overriding the default restriction is appropriate only in a recovery server environment.

To grant your administrative account access through Exchange System Manager to all mailboxes in a single database regardless of inherited denials:

1. Start Exchange System Manager, and then locate the database you want to have full mailbox access to.
2. Open the properties of this object, and then click the Security tab.
3. Grant your account full explicit permissions on the object, including Receive As permissions.

After you have made this change, you may still see unavailable Deny and Allow permissions assigned to your account. The unavailable permissions indicate that by inheritance you have been denied permission, but that you have inherited permissions at this level. In the Windows permissions model, explicitly granted permissions override inherited permissions. Note that an explicit Allow at a lower level permission overrides an explicit Deny from a higher level permission only on the single object where the override is set, not on that object's child objects. This prevents you from granting yourself permissions on a server to gain access to each database; you must grant permissions on databases individually."

Quoted from MS site. They are default permissions but can be overridden further down if needed.
February 8th, 2008 5:32pm
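The rule quoted in the answer above (an explicit Allow on an object is evaluated before an inherited Deny) can be modelled in a few lines. This is an added example, not code from the thread or from Microsoft: the bit values, the `CORP\admin` account and the function names are constructed for illustration, and the sketch covers a single object's ACL only. `shadowing_grants` is the check an auditor would run to find explicit grants that defeat the default mailbox denial.

```python
from dataclasses import dataclass

# Constructed bit values for this model, not real access-mask constants.
RECEIVE_AS = 0x1
SEND_AS = 0x2

@dataclass(frozen=True)
class Ace:
    kind: str        # "allow" or "deny"
    trustee: str     # user or group the entry applies to
    mask: int        # rights covered by the entry
    inherited: bool  # True if the entry came from a parent object

def canonical_order(aces):
    """Explicit entries before inherited ones; deny before allow in each group."""
    return sorted(aces, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(aces, token, wanted):
    """Walk the ordered ACL; the first entry mentioning a requested right settles it."""
    remaining = wanted
    for ace in canonical_order(aces):
        if ace.trustee not in token:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False

def shadowing_grants(aces):
    """Audit helper: explicit allows whose rights overlap an inherited deny."""
    denies = [a for a in aces if a.inherited and a.kind == "deny"]
    return [(a, d) for a in aces if not a.inherited and a.kind == "allow"
            for d in denies if a.mask & d.mask]

# Constructed sample: a mailbox database ACL as inherited from the organisation.
token = {"CORP\\admin", "Domain Admins"}
inherited_acl = [
    Ace("allow", "Domain Admins", RECEIVE_AS | SEND_AS, True),
    Ace("deny", "Domain Admins", RECEIVE_AS | SEND_AS, True),
]
# Step 3 of the quoted procedure: an explicit grant on the database itself.
overridden_acl = inherited_acl + [Ace("allow", "CORP\\admin", RECEIVE_AS, False)]

if __name__ == "__main__":
    print(access_check(inherited_acl, token, RECEIVE_AS))   # default denial
    print(access_check(overridden_acl, token, RECEIVE_AS))  # explicit allow wins
    print(access_check(overridden_acl, token, SEND_AS))     # right not granted explicitly
    print(len(shadowing_grants(overridden_acl)))
```
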
