Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OWA 5.5 - Why can Domain Admins can open any mailbox?!

Status
Not open for further replies.
zaresa

zaresa

IS-IT--Management
Apr 9, 2002
72
0
0
US
Recently installed OWA 5.5 on a W2K server (my Exchange is on a seperate NT 4.0 machine) and I am in the process of testing it.

I noticed that Domain Admins can open any mailbox simply by choosing a different alias at the logon screen. This is true even if the Domain Admin is not given permission to the mailbox on Exchange.

Is this normal functionality? Is there a way I can change this via permissions on the OWA server? Although I am the NetAdmin, I've had to give a couple of non-technical managers Domain Admin rights just in case I drop dead. I would be very uncomfortable with these people having this kind of right.

Conversely, users that HAVE be given permissions to other user email accounts CANNOT open these mailboxes. Any help would be greatly appreciated.
 
Sort by date Sort by votes
Correction to above...it looks like it is all Exhange Service Accounts (which also happen to be Domain Admins)that have these rights. Once again, is there a way that I can limit access to mailboxes as per the permissions on the Exchange server.

Thanks again,
 
Upvote 0 Downvote
Eight....two are for me and the other Admin. Three are for non-technical company managers who need these accounts "just in case" (although they have gone in at times and tinkered with things). Three are for service accounts that require DA rights to run the applications.

My concern is that if these managers figure out that they can open any mailbox they will abuse this. If the functionality only applies to Exchange service accounts then the number drops down to approx. 5 users...still 2 more than I am comfortable with.
 
Upvote 0 Downvote
I would almost create a second domain admin group and set them up with the permissions they need and nothing more. Or I would give each use the permissions that they need and not let them have the administrator account. Craig

 
Upvote 0 Downvote
Sure, if you go to File/Properties in Exchange Administrator you can click on the permissions tab you can set their access level there.
 
Upvote 0 Downvote
Thanks everyone...I figured it out by process of elimination. Giving the user permissions w/i the Configuration container on Exchange is where this right comes from. It is not related to DA rights at all.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
661
microsGuy16
microsGuy16
BroBias
  • Locked
  • Question
mailbox databases dismounting frequently without followable reason
Replies
1
Views
554
BroBias
BroBias
DrB0b
  • Locked
  • Question
Moved to 365 in cloud, cannot get iPhones default mail app to connect
Replies
2
Views
536
Priyanka_Chauhan
Priyanka_Chauhan
ponoodle
  • Locked
  • Question
Disabling OWA for on prem Exchange while in a hybrid envirenment.
Replies
0
Views
525
ponoodle
ponoodle
david jackson
  • Locked
  • Question
Extract only the subject and recipients from a mailbox
Replies
0
Views
506
david jackson
david jackson

Part and Inventory Search

Sponsor

Back
Top