Granting Mailbox Rights

Microsoft Exchange 2000, 2003 and 2007 Server accounts with Enterprise Administrators mailbox access rights are denied by default. This restriction is also applicable if your login account is the Administrator account or you are a member of the Domain Admins or Enterprise Admins groups. In these cases too, access to all mailboxes other than your own will be denied, even if you have full administrative rights.

However, Exchange 2000/2003/2007 administrative tasks can be performed without granting an administrator sufficient rights to read other people's mail.

These default restrictions can be removed with methods that are in total agreement with your organization's security and privacy policies. In most cases, using these methods is appropriate only in a recovery server environment.

Granting rights to a specific mailbox

Follow the steps given below to grant access to the Microsoft Exchange 2007 mailbox.

Open the Exchange 2007 management shell and enter the following

Syntax: Add-MailboxPermission - identity <mailbox name> -accessRights fullAccess - User Administrator

Example: To grant full access to the mailbox Adams > Add-MailboxPermission - identity Adams - accessRights fullAccess - User administrator

Note: To perform Exchange 2007 Brick-Level Backup, you need to install the standalone version of MAPI from the Microsoft site. Download Standalone version of MAPI (link)

Granting rights to a specific mailbox

Follow the steps given below to grant access to Exchange 2000 or an Exchange 2003 mailbox:

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start ‘Active Directory Users and Computers’.
2. On the ‘View’ menu, ensure that the ‘Advanced Features’ check box is selected.

Note: This is not necessary on Exchange Server 2003 because the Exchange Advanced tab on it will be exposed by default.

3. Right-click on the user whose mailbox you want to give permissions to and choose ‘Properties’.

4. On the ‘Exchange Advanced’ tab, click on ‘Mailbox Rights…’

5. Notice that the ‘Domain Admins’ and ‘Enterprise Admins’ have both been given ‘Deny access’ to ‘Full Mailbox access’.

6. Click on ‘Add,’ and then click on the user or group that you want to grant access to this mailbox. Click on ‘OK’.

7. Be sure that the user or group is selected in the ‘Name’ box.

8. In the ‘Permissions list’, click ‘Allow’ next to ‘Full mailbox access’, and then click ‘OK’.

Granting rights to mailboxes located within a specific mailbox store

Use the following procedure to grant access to Exchange 2000 or Exchange 2003 mailboxes found on a specific mailbox store.

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start ‘Exchange System Manager’.

2. Go to your server object within the appropriate Administrative Group. Expand the server object and find the required mailbox store within the appropriate ‘Storage Group’. Right-click on it and choose the ‘Properties’ option.

3. In the ‘Properties’ window click on the ‘Security’ tab.

4. Click on ‘Add’ and then click the user or group that you want to grant access to the mailboxes. Click on ‘OK’.

5. Make sure that the user or group is selected in the ‘Name’ box.

6. In the ‘Permissions’ list, click on ‘Allow’ next to ‘Full Control’, and then click on ‘OK’.

Note: Ensure that no ‘Deny’ checkbox is selected next to the ‘Send As’ and ‘Receive As permissions’ options.

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start Exchange System Manager.

2. Go to your server object within the appropriate ‘Administrative Group’. Right-click on it and choose ‘Properties’.

3. In the ‘Properties’ window go to the ‘Security’ tab.

4. Click ‘Add’ and then click on the user or group that you want to grant access to the mailboxes. Click ‘OK’ again.

5. Make sure that the user or group is selected in the ‘Name’ box.

6. In the ‘Permissions’ list, click on ‘Allow’ next to ‘Full Control’, and then click on ‘OK’.

Note: Ensure that there the ‘Deny’ checkbox seen next to the ‘Send As’ and ‘Receive As permissions’ options are not checked.