5

I was just assigned management of our Exchange Servers. The person who installed and configured our Exchange 2010 Servers did not set up permissions correctly. I noticed that anyone within the organization can open a user's mailbox without them being assigned. This is something the organization has NOT recognized as an issue but, as a Network Administrator, it is a major security issue.

Here is an example of what I am talking about.

An entry-level engineer can open another engineer's mailbox if they wanted. Again, I did NOT set permissions this way.

I am currently reading about the Exchange 2010 Server in order to properly figure everything out. However, I need a quick fix right now. How can I set permissions so someone like an Entry Level Engineer cannot open another engineer's mailbox?

HopelessN00b
  • 54,273

1 Answer

5

Please post the list of AD groups that this "Entry Level Engineer" belongs to.

In the Exchange Management Console, select a representative user and select "Manage Full Access Permission". It should look like this:

[screenshot of the Manage Full Access Permission dialog]

If there are other users or groups present in that dialog, that's where you'll need to begin to remove access.

> This is something the organization has NOT recognized as an issue but, as a Network Administrator, it is a major security issue.

From a political perspective, though, don't come in guns blazin' to point out what the previous admin did incorrectly. There may have been a reason that this type of access was enabled. You'll look like a jackass for pursuing this without knowing the full context.

For example, I manage ~38 Exchange mail systems across a variety of clients. In some environments, non-technical principals or department heads request mailbox access to their users. I don't think any environment gives the presumption of email privacy on company systems. More advanced sites leverage journaling to accomplish the same. So get the full story before you make this a crusade...

ewwhite
  • 201,205
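
The check the answer describes in the Manage Full Access Permission dialog can be run across mailboxes from the Exchange Management Shell; this is an added example, not part of the answer above. The CONTOSO names and sample rows are constructed, the commented lines at the end show the live cmdlets, and the database-level Receive-As check goes beyond the dialog the answer describes.

```powershell
# Added example (not from the original post). Exchange 2010 ships with
# PowerShell 2.0, so this avoids newer syntax such as [pscustomobject].

# Keep only allow-entries granting FullAccess to someone other than SELF/SYSTEM.
function Select-FullAccessGrant {
    param([Parameter(ValueFromPipeline = $true)] $Permission)
    process {
        if (("$($Permission.AccessRights)" -match '\bFullAccess\b') -and
            (-not $Permission.Deny) -and
            ("$($Permission.User)" -notlike 'NT AUTHORITY\*')) {
            New-Object PSObject -Property @{
                Mailbox   = "$($Permission.Identity)"
                Trustee   = "$($Permission.User)"
                Inherited = [bool]$Permission.IsInherited
            }
        }
    }
}

# Rank trustees by how many mailboxes they can open. A group near the top that
# ordinary staff belong to is where to start removing access.
function Get-TrusteeSummary {
    param($Grants)
    $Grants | Group-Object Trustee | Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed rows using the property names Get-MailboxPermission returns.
function New-SampleRow($Id, $User, $Rights, $Inherited) {
    New-Object PSObject -Property @{ Identity = $Id; User = $User
        AccessRights = $Rights; IsInherited = $Inherited; Deny = $false }
}
$sample = @(
    (New-SampleRow 'contoso.local/Staff/Eng A' 'NT AUTHORITY\SELF' @('FullAccess','ReadPermission') $false),
    (New-SampleRow 'contoso.local/Staff/Eng A' 'CONTOSO\Engineering' @('FullAccess') $true),
    (New-SampleRow 'contoso.local/Staff/Eng B' 'CONTOSO\Engineering' @('FullAccess') $true),
    (New-SampleRow 'contoso.local/Staff/Eng B' 'CONTOSO\dept.head' @('FullAccess') $false),
    (New-SampleRow 'contoso.local/Staff/Eng B' 'CONTOSO\helpdesk' @('ReadPermission') $false)
)
$grants = @($sample | Select-FullAccessGrant)
$grants | Sort-Object Mailbox | Format-Table Mailbox, Trustee, Inherited -AutoSize
Get-TrusteeSummary $grants

# Live data (read-only):
# $grants = @(Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Select-FullAccessGrant)
# Inherited rows are granted above the mailbox; look at the databases:
# Get-MailboxDatabase | Get-ADPermission | Where-Object { $_.ExtendedRights -like '*Receive-As*' -and -not $_.Deny }
# Explicit rows are removed per mailbox; preview the change first:
# Remove-MailboxPermission -Identity <mailbox> -User <trustee> -AccessRights FullAccess -WhatIf
```

Rows with `Inherited` set to `True` cannot be cleared on the mailbox itself, which is why the group membership the answer asks for matters.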