XADM: Windows NT Account Is Able To Access All Mailboxes

• Microsoft Exchange Server, versions 4.0, 5.0, 5.5

SYMPTOMS

Some Windows NT accounts may be able to access all mailboxes on an Exchange Server computer, even though they were not intended to have full access.

CAUSE

This occurs because the Windows NT account or group has mailbox owner permissions on the site object. This can occur if the Windows NT account is given the User role or Service Account Admin role on the site object. By default, the User role and Service Account Admin role include the Mailbox Owner right.

RESOLUTION

To remove the Mailbox Owner permissions, perform the following steps:

1. Start the Exchange Administrator program.



2. From the Tools menu, select Options and then click the Permissions tab.



3. Make sure the "Show Permissions page for all objects" and "Display rights for roles on Permissions page" boxes are marked with a check.



4. Highlight the site object.



5. From the File menu, select Properties and then click the Permissions tab.



6. Highlight the account you want to change in the "Windows NT accounts with permissions" window.



7. Remove the Mailbox Owner right for the account by unchecking the Mailbox Owner box.

Additional query words: open modify

Keywords : XADM
Version : winnt:4.0,5.0,5.5
Platform : winnt
Issue type : kbinfo