|
-
December 16th, 2003, 02:54 PM
#1
Member
Exchange Server 2000
I have a question for the people out there. I have an issue with my exchange server at work. There is a problem now that all the domain admins in my active directory scheme can view everyone's email box and view every folder. Is there someway that I can stop this from happening. There is a major permission problem somewhere and I can't figure out where. I have gone to Microsoft's website and found nothing. So I was hoping that the brilliant minds that search this site might be able to help me out.
Much thanks,
JP 
-
December 16th, 2003, 04:27 PM
#2
Not Realy... Domain Admin have all the right! They can view anything they want! Even the President Email and personnal lfile if they want! 
-
December 16th, 2003, 05:03 PM
#3
Member
That's what I thought too but the domain admins didn't have the access to it before. Myself and my boss are the only domain admins. I don't care about having the access but he does so I was just wondering if there was a way to make it so that it doesn't happen.
JP
-
December 16th, 2003, 05:29 PM
#4
I believe what we did was remove the permission of the Admins from the mailboxes of the users on the M drive.... You can always go ahead and add them back if you need to. I'd test that with a dummy mailbox first though.... The old brain cell isn't what it used to be.
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
December 16th, 2003, 05:34 PM
#5
They didn't have access because that is the dafault in 2000.... someone changed it.
Here is some info from technet....
Exchange 2000 tightens the site service account loophole considerably; the site service account no longer exists, and the Administrator account and the Domain Admins and Enterprise Admins groups are explicitly denied access to individual mailboxes. (See the Microsoft article "XADM: How to Get Service Account Access to All Mailboxes in Exchange 2000" at http://support.microsoft.com/default...262054&sd=tech for instructions about how to give snooping power to a designated account.) You can also use message journaling in Exchange 2000.
//edit I am thinking you can reverse engineer what is stated in the article...? I am with Tiger, I would make a backup and test a dummy account. Too many sleepless night with exchange....
-
December 16th, 2003, 05:43 PM
#6
Member
Thanks for that info I'll have to try those things and see what happens. Thanks for taking the time to write something in.
JP
JP
-
December 16th, 2003, 10:29 PM
#7
Just a thought, this sight might help you.
http://www.labmice.net/ActiveDirectory/default.htm
Than again may be not, GOOD LUCK!!
Nightfalls_Girl
-
December 17th, 2003, 04:00 PM
#8
Member
Thank you for putting those links there I'll see if they help. Thanks a bunch!
JP
-
December 17th, 2003, 05:18 PM
#9
Member
Thank you for that site once again Nightfalls_Girl that was a really great site with helpful stuff on it I really appreciate your help.
JP
JP
-
December 17th, 2003, 11:11 PM
#10
Holy ****, NFG was actually helpful. ALERT THE PRESS.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
