My user account is a domain admin and enterprise admin in a Server 2003 native AD domain with Exchange Server 2003 Enterprise SP2 running on Server 2003 Enterprise SP1. For security auditing purposes I used to be able to open any user's mailbox using Outlook profiles created on my workstation. However, that functionality is now broken. Within ESM the permission of my account is Full Control on the Information Store and Mail Server with every permission including send as and receive as. However, when I try to open a user's Outlook profile, I am prompted for userid and password and my credentials do not work? What do I have to do to fix this?
No, the functionality is now fixed. ;) You need to create a new account that is /not/ a domain admin. Google "create exmerge account" and you'll find the instructions on how to set up an account for doing this. "Scott" wrote in message news:2BA730DA-F034-430A-A59C-056B9383396B@microsoft.com... > My user account is a domain admin and enterprise admin in a Server 2003 > native AD domain with Exchange Server 2003 Enterprise SP2 running on > Server > 2003 Enterprise SP1. For security auditing purposes I used to be able to > open > any user's mailbox using Outlook profiles created on my workstation. > However, > that functionality is now broken. Within ESM the permission of my account > is > Full Control on the Information Store and Mail Server with every > permission > including send as and receive as. However, when I try to open a user's > Outlook profile, I am prompted for userid and password and my credentials > do > not work? What do I have to do to fix this?
On Jun 19, 11:17 am, "andy webb" wrote: > No, the functionality is now fixed. ;) > > You need to create a new account that is /not/ a domain admin. Google > "create exmerge account" and you'll find the instructions on how to set up > an account for doing this. > > "Scott" wrote in message > > news:2BA730DA-F034-430A-A59C-056B9383396B@microsoft.com... > > > > > My user account is a domain admin and enterprise admin in a Server 2003 > > native AD domain with Exchange Server 2003 Enterprise SP2 running on > > Server > > 2003 Enterprise SP1. For security auditing purposes I used to be able to > > open > > any user's mailbox using Outlook profiles created on my workstation. > > However, > > that functionality is now broken. Within ESM the permission of my account > > is > > Full Control on the Information Store and Mail Server with every > > permission > > including send as and receive as. However, when I try to open a user's > > Outlook profile, I am prompted for userid and password and my credentials > > do > > not work? What do I have to do to fix this?- Hide quoted text - > > - Show quoted text - Post application of security updates like 912918 or 916803 there have been instances where the Send As features were disabled for power- users (domain admins, etc). Read documentation of KB 912918 to understand what / why this fix was released. To make life simple, if you want to have one account to have access on all other mailboxes - create a mailbox and give it Send As rights on the information store. That should solve your worries. P.S - Do not give this user domain / enterprise admin rights - just a normal domain user would work.
"Scott" ha scritto nel messaggio news:2BA730DA-F034-430A-A59C-056B9383396B@microsoft.com... > My user account is a domain admin and enterprise admin in a Server 2003 > native AD domain with Exchange Server 2003 Enterprise SP2 running on > Server > 2003 Enterprise SP1. For security auditing purposes I used to be able to > open > any user's mailbox using Outlook profiles created on my workstation. > However, > that functionality is now broken. Within ESM the permission of my account > is > Full Control on the Information Store and Mail Server with every > permission > including send as and receive as. However, when I try to open a user's > Outlook profile, I am prompted for userid and password and my credentials > do > not work? What do I have to do to fix this? In Exchange 2003, members of Domain Admins and Enterprise Admins groups have explicit deny permissions on "send as" and "receive as" at the organization level, which are inherited everywhere and make them effectively unable to open any mailbox other than their own. If you want to fix this, you should remove that denied permissions. You can do that by enabling the "Security" tab for all objects in ESM (by setting ShowSecurityPage to 1 in HKCU\Software\Microsoft\Exchange\ExAdmin) and then by setting the security on the top-level organization object. Be careful not to touch anything else there, because you could do a lot of damage by setting wrong permissions. Massimo
