Support Telephone: +61 2 9212 0811 | Support Email: support@itng.com.au  
Home | Contact | Search Knowledge Base    
 Information
About ITNG
Services
Experience
NextDSL Internet
NextHOST Website Design
NextWARE Software
News
Contact Us
 
 
 Support
Support
Customer Login

Support
Knowlege Base
 

Search our Knowledge Base for technical articles. This database may contain information sourced from other sites.

You can enter up to 100 characters in your search term. We continue to add articles in this database as we encounter issues in our support work.

If you are directed to this page to start a support session click on the logo below. You will be prompted to install a file. Please follow the directions provided by support.
 

Search Knowledge Base
 
Search Terms
Enter up to 10 search terms. Up to 99 pages that contain ANY of yor search terms will be returned - the pages will be listed in order with the best results listed first.
Clear

Regain service-account access to user mailboxes 
EXCHANGE ADMINISTRATION TIPS
Regain service-account access to user mailboxes
Serdar Yegulalp
15 Sep 2003

Exchange 5.5, by default, allows the administrator to access the mailboxes of users to read or delete emails freely via the Service Account Admin privilege. Exchange administrators sometimes take this out-of-the-box behavior for granted, and then they're surprised to find that they can no longer do this when they upgrade from 5.5 to 2000. In Exchange 2000, service-account access to user mailboxes is turned off by default as a security precaution.

The most common way for administrators to bump into this problem is to build a new server to replace an old one then attempt to move mailboxes between servers manually. Unfortunately, that generates an error stating that the admin does not have sufficient privileges to do this.

The easy way to allow access to all mailboxes through the Service Account is to add the account in question to the Exchange Services or Exchange Domain Server group. However, this only works if you are not the Administrator or a member of the Domain Admins or Enterprise Admins groups.

Another method is to grant Windows (i.e., system) admins rights to all mailboxes in the entire Exchange organization. This can be done by simply changing the permissions on the organization object at the top of the Exchange System Manager tree for that account, or for the group it belongs to. Normally, the rights of administrators on the organization object are explicitly denied through the Receive As and Send As rights, so to provide access, clear these denials. (Note that if the account belongs to an administrator group that is still being denied access to that object, the group-level denial takes precedence.)

To change the permissions, you will need to force the Security tab to appear on all objects in the Exchange management console. Open the Registry and edit the key HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin, and add a DWORD value named ShowSecurityPage. Set it to 1; Exchange does not need to be restarted for this to take effect, but you may need to close and open the management console to see the Security tabs.


 
Link  
File  
 

©2006 IT Next Generation Pty Ltd | Suite 103, 330 Wattle Street, Ultimo NSW 2007
T: +61 2 9212 0811 | F: +61 2 9212 0833 | E: support@itng.com.au | W: www.itng.com.au
Website Design and Solutions | Business Grade Internet Solutions
Microsoft Small Business Specialist | Cisco Partner | Trend Micro | Destra Business