Exchange 2003 Admin w/o ability to gain service acct access & read other users' mail?

I recently installed/configured an Exchange 2003 server for my
organization. Upon completion they removed me from the Administrators
group so that I would not be able to read other users' email.

Although this right is disabled by default, MS has left a couple
backdoors so admins can grant themselves Service Account access and
read other users' mailboxes. See:
http://support.microsoft.com/?id=821897

MS Reasoning appears to be, "Just don't do it" -- which is not enough
to satisfy my company principals. They are uncomfortable with even the
possibility that I *could* add service acccount rights and read their
mail.

I'm still asked quite often to perform admin tasks, but I typically
have to call in a company principal to login for me, because of the
email privacy concern they have.

So my question is, can a user be granted Administrator access for
everything MINUS the ability to grant himself Service Account access
(and thereby read other users' mail)?

0
2/4/2005 7:24:37 PM
exchange.admin 57650 articles. 2 followers. Follow

1 Replies
522 Views

Similar Articles

[PageSpeed] 54

Must give you that warm and fuzzy feeling working for someone that doesnt
trust you, but yet calls you to fix everything.  Either you are an admin or
you are not.  Yes you can jack with settings all day long to try and narrow
down what an admin has access to and what they can do, but it is much easier
to trust that your admin wont go snooping where they dont belong.  You have
to give the keys of the kingdom to someone.  My suggestion would be, have
them put in place some type of auditing.  Even a third party type of
software that monitors account changes and things of that nature and sends
alerts when changes have been made, but of course that software would need
an admin also.  Maybe that will ease their mind.  If that doesnt work for
them, I would suggest they go back to pen and papper for communication and
seal each note with a wax copy of their ring.



<jeoffwilks@gmail.com> wrote in message
news:1107545077.758728.305800@o13g2000cwo.googlegroups.com...
> I recently installed/configured an Exchange 2003 server for my
> organization. Upon completion they removed me from the Administrators
> group so that I would not be able to read other users' email.
>
> Although this right is disabled by default, MS has left a couple
> backdoors so admins can grant themselves Service Account access and
> read other users' mailboxes. See:
> http://support.microsoft.com/?id=821897
>
> MS Reasoning appears to be, "Just don't do it" -- which is not enough
> to satisfy my company principals. They are uncomfortable with even the
> possibility that I *could* add service acccount rights and read their
> mail.
>
> I'm still asked quite often to perform admin tasks, but I typically
> have to call in a company principal to login for me, because of the
> email privacy concern they have.
>
> So my question is, can a user be granted Administrator access for
> everything MINUS the ability to grant himself Service Account access
> (and thereby read other users' mail)?
>


0
Nospam7558 (31)
2/4/2005 8:48:16 PM
Reply:

Similar Artilces:

Exchange Cluster
I am looking for information regarding deployment of an Exchange Cluster in a Blade configuration. Thanks Ken First and formost, make sure your hardware is on the HCL. Support would only be "best effort" if it is not. The following link will get you to the Deploying Microsoft Exchange 2000 Server Clusters: http://www.microsoft.com/technet/prodtechnol/exchange/2000/library/default.mspx Exchange 2003 Clusters cna be found in the Exchange 2003 Deploymnet Guide at the following location: http://www.microsoft.com/exchange/prodtechnol/exchange/2003/library/default.mspx -- Nicholas ...

MDE in Access 2003
My office is the process of upgrading all users to Office 2003 from Office XP. I've encountered a problem that when I've edited a database created with Access 2002, and create an MDE file, those users still in Office XP cannot open the MDE file. They receive an error that says something like "file is incorrect format." (And I have to edit all existing databases...Access 2003 shows a missing reference to web components that impedes the database from executing formulas and it gives an error message. In order to check-off the missing reference, I have to open the data...

ADSL - WIFI
NETWORK: Conexant ADSL SOHO Router 4 Port Switch. DHCP=10.0.0.3 to 6, Fixed IP of 10.0.0.2 3Com WiFi 11b & 54g Fixed IP of 10.0.0.1, Currently No DHCP, No WEP, MAC Address selection SET to Users. ESSID not broadcasted. PC(1) Toshiba Satellite Pro - LAN 10/100 = IP Auto, DNS Fixed PROXY set & WiFi 54g PCMCIA (Home Only) Currently IP=10.0.0.5,DNS=10.0.0.2 PC(2) Toshiba Portege - LAN 10/100 = IP Auto, DNS Auto & Built in 11b WiFi = IP Auto, DNS Auto. Both XP Pro PCs belong to professionals set up on different Domains who only want to get wireless internet access not local network. DI...

Your message was deleted without being read.
This option was available with exchange 5.5 and earlier outlook clients. Today, we are running exchange 2003 ee server along with outlook 2002 clients. Is there any way to tell if a global message is being deleted by users without being read without turing on the "read receipt" in tracking options? All I want to do is tell which users are deleting the messages internally. Thanks. mike No. -- Sue Mosher, Outlook MVP Author of Microsoft Outlook Programming - Jumpstart for Administrators, Power Users, and Developers http://www.outlookcode.com/jumpstart.aspx &qu...

Exchange
In Outlook 2007: 1. Draft folder is visible but contents are not! (i can see the number of message but not the messages) 2. Notes folder is NOT visible. (funny thing is that if i make a shortuct i can see it) In BOTH cases all is OK in OWA. Evan Camilleri http://www.holistic.com.mt http://www.dotnetmushroom.com http://www.mobilesalesman.com 1) Perhaps you have a filter set to your view? Verify that the view has been set to "Sent To" and reset it if necessary. 2) Does it show when you switch to the Notes Navigation or use the Folder List Navigation to see all your folders ...

Configure regional settings and language from access VBA
Hi all i build automation in access that updates the data base one of the problem i bumped is that if the regional setting are on other language beside english it will raise an error indicating on the characters is there an option to stablize the automation to the relevant the language that the windows use ((for example i had problem when the language in the regional language settings was on german ...

outlook express 6 (no pics in outgoing mail)
I have outlook express 6. I used to have no problem sending pictures in email. Recently, they simply won't go. I have checked all the settings, at least the ones I know of, to no avail. I've gone to the HTML setting and set it to "send pictures". I still, however, get only a box with the picture name on all outgoing mail. Incoming has all pictures as they should be and I can send .jpg's as attachments. Nothing included in the body of the mail works. Any help would be greatly appreciated!! "bill a" <anonymous@discussions.microsoft.com> wrote in messa...

New user profile cannot access CRM
Howdy, I had an issue with my windows/domain profile so I wiped it out and created me a new one, on the same machine. Now CRM isn't showing up at all. What's the deal? I can't find it Add/remove programs to reinstall it. The C:\Program Files\Microsoft CRM folder is still there with all of the DLLs, and I tried adding crmaddin.dll to Outlook but that just crashed it. How do I get it back, short of manually uninstalling it and from MSDE? Thanks, David Lozzi dlozzi@(remove)delphi-ts.com The problem is, when you wiped out your profile, you most likely also wiped out the CR...

Cannot Unistall IMF Exchange 2003
Hello, I am having troubling applying Exchange 2003 Server SP 2. The error message says I need to uninstall Intelligent Message Filtering BEFORE I install SP2. I try to uninstall IMF and it will not uninstall. The error message says "There is a problem with this Windows Installer Package. A program run as part of the setup did not finish as expected. Please contact your support personnel or package vendor. .....A Fatal error during installation." I've also reinstalled the original install of IMF and still the same issues. Any thoughts? Thanks, Randy Hughes Reinstall IM...

2003: Desktop alerts on IMAP messages?
Sometimes I think I'm dating an airhead, because everytime I go out with Microsoft, she looks more beautiful than ever, but at heart she's still a bubble- gum chewing ditz. So it is with Outlook 2003 My work email uses an IMAP server, but Outlook won't let me get desktop alerts on my IMAP folder. It says that it can only do this for the default inbox (and I can't get my IMAP folder to become the default inbox). So, I've been ignoring the default inbox and using the IMAP folder without alerts. I can change the freaking transparency of the alerts, but I can't...

restore public folder to Exchange 2003 server from backup copy of the Exchange 5.5 server
Hi, Recently a user deleted a folder witnin the Public Folders on the Exchange 2003 server. When I looked at a backup copy from the backup tape, I could not find the pub1.edb file in the MDBDATA folder. I am using Backup Exec. 8.6. Prior to this, I migrated to Exchange 2003 from Exchage 5.5 and changed my Exchange 2003 into Native Mode. I made a copy of the Exchange 5.5 pub1.edb onto an external hard drive,with its utility. Can i use this copy of the pub1.edb for the existing pub1.edb I have for the Public Folders? If so, what are the steps that I would need to do in performing this act...

Intermittant connection with Outlook 2003 and Exchange 2005
I have a problem affecting just one of our clients. About a third of the messages get through, and about 2 thirds are dropped. We use Exchange Server 2005 and Outlook 2003. The client side is using Microsoft Frontbridge. If we send mail using Outlook Web Access or Evolution, all of the mail is delivered. Can someone tell me why only some of our messages sent via Outlook get delivered while all messages delivered by OWA or Evolution get through? Thanks, Rick ...

User win32 dll
Hi I've an MFC application that has to call the functions of a win32 dll. I have the dll and its header file containing functions headers and lib file. How can I do so. Regards Usman > I've an MFC application that has to call the functions of a win32 dll. I > have the dll and its header file containing functions headers and lib file. > How can I do so. You just need to link against the .lib file. What exactly is that you are not able to do? --- Ajay There's a function in the Dll that I've to use i.e MyDllFunction(unsinged int) In my MFC application, I...

POS 2009
I though I saw where the service pack for POS 2009 was scheduled for release. Does anybody know when that might be? ce-thompson@ca.rr.com -- @adctech Hi Curt - a service pack is planned for Q4 of CY 2009. Thanks! -- Lori [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. "Curt Thompson" wrote: > I though I saw where the service pack for POS 2009 was scheduled for release. > Does anybody know when that might be? > ce-thompson@ca.rr.com > -- > @adctech ...

Pulling email from exchange server with an exchange account
Hello, I was running a 2003 exchange server but got tired of dealing with the spam, ndr and the rest. I had setup the accounts for everyone including myself. Basically I had in outlook my account setup as an exchange account. Now that our corporate mail is hosted elsewhere I need to pull off my email from my exchange account. I have created POP accounts while using the the IP address for pop and smtp so everything is local when asking to pull. I have also went through an archive trying to get messages to save on my PC so I can then use as PST file, with no success. I have also tried looking f...

Exchange / POP3
In short: How does one go about having exchange POP email for users whom have 3rd party POP 3 server accounts? Expanded Reason: I have an exchange server setup here and I would like to get email to my users from a 3rd party POP3 account. I would normally just change MX records and point to my exchange server and have the email go right to the exchange server, but this ISP will not allow me to receive inbound SMTP. So as it stands; I can send email from my exchange server using my internet connection with out any issues, it's the receiving part that has me hung up, and if I co...

Running SQL SELECT statements in Access runtime
[Access 2003] I have a number of applications deployed to clients that have only Access runtime throughout the organization. In all cases, I have remote access to their systems, since I also provide IT support. All are split FE/BE implementations. Occasionally, a customer will need a quick, one-time query or report, or I need to do a query remotely to identify a data anomaly. Since I cannot run a query directly in Access runtime without embedding it in a form, I have (at least) two choices (leaving out the option, for the moment, of deploying a full copy of Access to the se...

virus attacks against Exchange
I've noticed over the last month that every Sunday morning at 5:45 a.m. our Exchange server sends a CPU warning. When I check the app event log for that date/time there is a *huge* amount of virus detections by our real time virus monitor . What exactly is going on here and how might I prevent this from continuing to happen ? thanks sounds like you have an "on demand" scan of your mailbox store scheduled for this time frame...have you checked? look in the configuration of your Exchange AV... "chrism" <chris@no_spam> wrote in message news:uZcfIwKpEHA.33...

format numbers with no decimals Excel 2003
I need to display invoice number eg: 145 but i can't seem to get the format cells to work. It keeps rounding it off to a 1 or displays as 1.45. i just upgraded to Excel 2003 my older verison woudl let me do this. Hi just use a format such as 0 "3 digit nubmers with no decimals" wrote: > I need to display invoice number eg: 145 but i can't seem to get the format > cells to work. It keeps rounding it off to a 1 or displays as 1.45. i just > upgraded to Excel 2003 my older verison woudl let me do this. The "0" will not work. it dispalys as a 1 not 145....

Exchange 2003 #5
How many clients/users will Exchange 2003 support? I have heard that it can support up to 10,000 users. Is this correct? "James" <anonymous@discussions.microsoft.com> wrote: >How many clients/users will Exchange 2003 support? I have heard that it can support up to 10,000 users. Is this correct? How long is a piece of string? Define the hardware platform. Define your expectations for perdformance. Define your backup/restore hardware and strategy. Define your expectations for restore/recovery time. The number of mailboxes on a server is meanngless without some context. wi...

access denied on my PST just brun to CD-ROM
Dear, My Outlook 2003 can't open the PST from the CD-ROM disc with prompt "Access Denied". I was archive the email to the file (not burning the primary PST). I made a backup to the CD-ROM disc. I wanna make a test with the file burn... I can't read. I was restart the Computer without open Outlook then Burn. However I still got this message. -david you need to copy the pst back to the hard drive and remove the read only flag. -- Diane Poremsky [MVP - Outlook] Author, Teach Yourself Outlook 2003 in 24 Hours Coauthor, OneNote 2003 for Windows (Visual QuickStart ...

Prob w/OL 2002 Pers Addr Bk
I recently added entries to my Personal Address Book in Outlook XP. Now everytime I try to use them by opening a new message and pressing the "TO" button to select from the list, it goes along just fine until I send the email. Then I get an email from System Administrator that says Undeliverable and "Your message did not reach some or all of the intended recipients." Then a list of all the addresses I tried to send to. I have tried selecting different addresses, but nothing I've tried seems to work. Any ideas?? TIA Melissa ...

Win 7 and Too Many Users
Most of our boxes are XP, but a couple of them are Win 7. Also, the XP boxes have Access xp (2002) installed, but the Win 7 boxes have Access 2003. Problem: when a user on Win 7 opens an access program, all of the xp users then get a "Too many users" error when they attempt to open the same access program. It only takes one Win 7 user to kill all attempts by xp users to open a file. Does anyone know of a solution to this problem, or perhaps have more information about what may be causing it? Thanks in advance for any help. Fred That sounds like a permissions...

Intermediate Excel 2003
Can anyone suggest a good book to improve my Excel Skills. I have a reasonable understanding of the main functions and basic formula creation but I wish to develop things a little further? Many thanks in anticipation of any suggestions. Roger Lots of suggestions at: http://www.contextures.com/xlbooks.html best wishes -- Bernard V Liengme Microsoft Excel MVP www.stfx.ca/people/bliengme remove caps from email "roger lewis" <rogerlewis@ntlworld.com> wrote in message news:a4k3j.1531$WJ3.154@newsfe4-gui.ntli.net... > Can anyone suggest a good book to improve my Excel ...

Linking Visio 2003 Professional to Access 2003 Professional
I know there's a way to do this because I saw it somewhere and now cannot find the site. So, for work I have an Access database that has numerous tables and field. Basically it's a mock-up for an Asset Management System so we have information on Pritners, Workstations, PDAs, etc. What I want to do is pull the information from the database into a infrastructure diagram in Visio to show how everything connects and changes. I also want it to display the various information about each item (serial number, asset number, name, type, etc.). Any help would be appreciated. you might che...