Exchange Server 2007
Dear Experts,
I just want to know if the emails stored in the exchange server 2003 and 2007 can be read by the administrator in the mail server?
Thanks!
July 11th, 2008 10:55am
Hello,
In Exchange 2007, Enterprise Administrator & Root Domain Administrator groups are set with DENY send as/receive as permission so member of these groups doesnt have permission to read mails.
Reference: Exchange 2007 Server Setup Permissions Reference
In Exchange 2003, Exchange Administrator & Exchange Full Administrator are also set with DENY sendas/receiveas permission so same for member of these groups.
Reference: Overview of Exchange administrative role permissions in Exchange 2003
Free Windows Admin Tool Kit Click here and download it now
July 11th, 2008 10:04pm
Hi,
You can use Microsoft Exchange MAPI Editor to view and modify the contents of a Messaging API (MAPI) store directly.
If you want to view all the mailbox, then you should have the administrator privilege.
You can download it from the below link:
http://www.microsoft.com/DownLoads/details.aspx?familyid=55FDFFD7-1878-4637-9808-1E21ABB3AE37&displaylang=en
More information about Microsoft Exchange MAPI Editor:
Microsoft Exchange Server MAPI Editor
http://technet.microsoft.com/en-us/library/bb508857(EXCHG.65).aspx
Hope it helps.
Xiu
July 14th, 2008 6:36am
I am not sure if either of the folks that answered your question really told you what you are looking for. If I read this correctly, you are wanting to know if the admin CAN read other people's mail. By default, no, they cannot. However, someone that is a Domain Admin or an Enterprise Admin can give themselves permissions to the user's mailbox and thus open it and read their mail.
In ANY computer system, there must be some trust between management and the people that hold root admin that they will not do something inappropriate.
You could implement encryption systems, rights management systems,and/or two-person integrity on key accounts, but that only makes bad admin behavior more difficult, not impossible.
My $0.02 worth.
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2008 7:45am
Hi Jim,
Your answer is very helpful.
If we cannot restrict the Domanin Admin or Enterprise Admin to read other people's mail, how will be able to implement such that the Admin cannot view the user's mailbox without the permission (his/her password)? Is there a dual signon capability that the user must also input his/her password before the admin can view his/her emails?
And how to implement encryption systems and rights management system?
The objective is not to eliminate the possibility of bad behavior from the admin but just to minimize the risk of such.
Thanks again!
July 21st, 2008 10:24am