locked
Best Practice for Server Monitoring Mailboxes RRS feed

  • Question

  • Hi all,

    When administrators need to view the physical contents of a mailbox, what is the best practice route to do so?

    I have not installed Outlook on the server, as I was told this is a security risk.


    Mike Oke MCTS, MCITP (Windows 7)

    Wednesday, August 29, 2012 1:00 PM

Answers

  • TBH, I wasn't looking at policing, I was more thinking about the monitoring of the NetworkAdmin email, Postmaster email, and also any unattended mailboxes (such as "Company").

    I guess the best option is to use my own user profile, on a non server box, and grant myself Full Access rights?


    Mike Oke MCTS, MCITP (Windows 7)

    • Marked as answer by Mike Oke Monday, September 3, 2012 3:56 PM
    Thursday, August 30, 2012 3:27 PM

All replies

  • Best practice, in my opinion, is that administrators NOT have rights to go into everyone's mailbox by default.  When a user needs help, ask permssion to assign rights to yourself on the mailbox, do what you have to do, and then tell the user that you are removing the rights after you are done.  I strongly believe that this builds trust and improves your position as a service provider rather than a policeman.

    As to how to gain access, just create an Outlook profile for the mailbox in your Outlook or use OWA depending on what it is you need to do.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Wednesday, August 29, 2012 3:21 PM
  • TBH, I wasn't looking at policing, I was more thinking about the monitoring of the NetworkAdmin email, Postmaster email, and also any unattended mailboxes (such as "Company").

    I guess the best option is to use my own user profile, on a non server box, and grant myself Full Access rights?


    Mike Oke MCTS, MCITP (Windows 7)

    • Marked as answer by Mike Oke Monday, September 3, 2012 3:56 PM
    Thursday, August 30, 2012 3:27 PM
  • Yes just grant yourself full mailbox rights and open in outlook or owa when you need to view the contents. As far as monitoring them, there's really no concept of monitoring your service account\resource mailboxes, you just access them on demand when you need to.

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Thursday, August 30, 2012 4:27 PM
  • For that kind of thing, just grant yourself full mailbox access rights and then open the mailbox as an additional mailbox in your Outlook profile.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Thursday, August 30, 2012 4:46 PM
  • If you want to grant access to a mailbox and its contents, you can use the Manage Full Access Permission Wizard. In the Exchange Management Console, right-click the mailbox you want to work with and then select Manage Full Access Permission.

    In the Manage Full Access Permission Wizard, click Add, and then use the Select User Or Group dialog box to choose the user or users who should have access to the mailbox. To revoke the authority to access the mailbox, select an existing user name in the Security Principal list box and then click Remove. Click Manage to set the desired access permissions. For more info, see this post. Hope it is useful.


    Noya Lau

    TechNet Community Support

    Sunday, September 2, 2012 6:41 AM