Microsoft KB Archive/259022

= XADM: Exchange Server Service Account Can Gain Access to Any Mailbox =

Article ID: 259022

Article Last Modified on 10/27/2006

-

APPLIES TO


 * Microsoft Exchange Server 4.0 Standard Edition
 * Microsoft Exchange Server 5.0 Standard Edition
 * Microsoft Exchange Server 5.5 Standard Edition

-



This article was previously published under Q259022



SUMMARY
If you log on to a Microsoft Exchange Client by using the Exchange Server service account, you can open and view the mailbox of any user.



MORE INFORMATION
This behavior is by design. By default, the Exchange Server service account inherits permissions for every mailbox. The service account is automatically granted the role of Service Account Administrator, which includes Mailbox Owner rights.

Any other account that has been granted the role of Service Account Administrator also has Mailbox Owner rights, which allows those users to log on to every mailbox on the system.

Because of these capabilities, it is important for Exchange Server administrators to safeguard the Exchange Server service account and password.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

168753 XADM: Microsoft Exchange Roles, Rights, and Permissions

Additional query words: login

Keywords: kbinfo KB259022

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.