Microsoft KB Archive/182900

= XADM: Windows NT Account Is Able To Access All Mailboxes =

Article ID: 182900

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Exchange Server 4.0 Standard Edition
 * Microsoft Exchange Server 5.0 Standard Edition
 * Microsoft Exchange Server 5.5 Standard Edition

-



This article was previously published under Q182900



SYMPTOMS
Some Windows NT accounts may be able to access all mailboxes on an Exchange Server computer, even though they were not intended to have full access.



CAUSE
This occurs because the Windows NT account or group has mailbox owner permissions on the site object. This can occur if the Windows NT account is given the User role or Service Account Admin role on the site object. By default, the User role and Service Account Admin role include the Mailbox Owner right.



RESOLUTION
To remove the Mailbox Owner permissions, perform the following steps:


 * 1) Start the Exchange Administrator program.
 * 2) From the Tools menu, select Options and then click the Permissions tab.
 * 3) Make sure the "Show Permissions page for all objects" and "Display rights for roles on Permissions page" boxes are marked with a check.
 * 4) Highlight the site object.
 * 5) From the File menu, select Properties and then click the Permissions tab.
 * 6) Highlight the account you want to change in the "Windows NT accounts with permissions" window.
 * 7) Remove the Mailbox Owner right for the account by unchecking the Mailbox Owner box.

Additional query words: open modify

Keywords: kbinfo KB182900

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.