Recipe5.14.Granting Full Access to Mailboxes

Previous page
Table of content
Next page

Recipe 5.14. Granting Full Access to Mailboxes

Problem

You need to give one user complete access to another's mailbox.

Solution

Using a graphical user interface

  1. Log on to any machine in your domain that has the Exchange management tools installed.

  2. Open the ADUC snap-in (Users and Computers.msc).

  3. Locate the user for whom you want to grant access.

  4. Right-click the target user and choose the Properties command.

  5. Switch to the Exchange Advanced tab and click the Mailbox Rights button.

  6. In the Permissions dialog box, click the Add button.

  7. In the Select Users, Computers, or Groups dialog box, select the user or group to which you want to delegate access, then click OK.

  8. In the permissions list of the Permissions dialog, make sure the Allow checkbox for Full mailbox access is checked.

  9. If you're granting access to an administrator, click the Advanced button.

  10. Click the Add button.

  11. In the Select Users, Computers, or Groups dialog box, select the user or group to which you want to delegate access, then click OK.

  12. Check the Full mailbox access entry in the Allow column, then click OK.

  13. Click OK.

  14. Click OK to close the Properties dialog box. (Note that you may have to wait for these permissions to replicate before the new permissions take effect.)

Discussion

You can assign delegate access to individual mailbox folders using the Outlook user interface; this is commonly done to give executive assistants access to their principals' calendars without giving them access to messages contained in the Inbox. However, Outlook's tool for setting mail folder permissions are best suited for providing delegate access, including the ability to send on the other user's behalf. There are other scenarios in which you might want to give one user full access to another's mailbox. For example, if you have a user who's out on extended medical leave, another user might require access to that user's Inbox and saved mail; another sadly common example is when an employee is being investigated for wrongdoing and the legal or HR departments request mailbox access. The technique described above gives one account or group full access to the target mailbox, meaning that users who have access can log on to the mailbox and use it as the original user couldno "Sent on behalf of" tags or other telltale signs that delegate access is in use. If you instead use ESM to grant these permissions to a mailbox store, the grantee will have that same level of access for all mailboxes in that database. Note that when you assign full mailbox access rights using the ADUC snap-in, the delegate doesn't automatically get Send As permissions (see Recipe 5.21 to grant these).

See Also

Recipe 5.21 to grant Send As permissions, Recipe 5.15 to get the list of existing delegates on a mailbox, MS KB 295558 for using MAPI in Visual Basic to assign delegate permissions to individual folders, and MS KB 821900 for using OWA 2003 to get delegate access


Previous page
Table of content
Next page
Exchange Server Cookbook
Exchange Server Cookbook: For Exchange Server 2003 and Exchange 2000 Server
ISBN: 0596007175
EAN: 2147483647
Year: 2006
Pages: 235
Authors: Paul Robichaux, Missy Koslosky, Devin L. Ganger
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
High-Speed Signal Propagation[c] Advanced Black Magic
Introduction to 80x86 Assembly Language and Computer Architecture
After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
The Oracle Hackers Handbook: Hacking and Defending Oracle
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy