XADM: Exchange 2000 Users Have Full Mailbox Access to the Mailboxes of Other Users (328670)
The information in this article applies to:
- Microsoft Exchange 2000 Server
- Microsoft Exchange 2000 Enterprise Server
This article was previously published under Q328670 SYMPTOMS Some users of your Exchange 2000 Server organization may
report that they have full access to the mailboxes of other users.
When you review mailbox permissions for your Exchange users in the Microsoft
Active Directory Users and Computers administrative tool, you may notice that
the Everyone group has inherited Full mailbox access permissions to all the mailboxes in your Exchange 2000 Server
organization. CAUSE This issue may occur if the Everyone group has been granted
either Receive As or Send As permissions on the mailbox store.
NOTE: Inheritance of Full mailbox access permissions
may occur if any user or group has either Receive As or Send As permissions (or both) on the mailbox store. This issue is not
unique to the Everyone group. When a user or group has one or both of these
permissions to the mailbox store, that user or group inherits Full
mailbox access permissions to all the mailboxes on the Exchange
server. RESOLUTION To resolve this issue, you must review the permissions
assigned to the Everyone group in the Exchange System Manager to determine
whether the Everyone group has been assigned Receive As or Send As permissions. Also verify that any other users or groups assigned
these permissions actually need them. To do this, follow these steps. NOTE: Some objects in Exchange System Manager may not display the
Security tab by default, and therefore you cannot review the
permissions associated with those objects. Before you follow these steps, make
sure that the Security tab has been made available in Exchange
System Manager. For additional information about
how to make the Security tab available on all objects, click the following
article number to view the article in the Microsoft Knowledge Base: 259221
XADM: Security Tab Not Available on All Objects in System Manager
- Click Start, point to
Programs, point to Microsoft Exchange, and
then click System Manager.
- In Exchange System Manager, click Servers,
and then double-click your Exchange server in the right pane.
- In the left pane, click First Storage
Group.
- Right-click Mailbox Store, and then click
Properties.
- Click Security, and then verify that the Receive As and Send As permissions have been assigned correctly. Make sure that they
have not been incorrectly assigned to users or groups, such as the Everyone
group or the Domain Users group. If the Receive As or Send As permissions have been assigned incorrectly, click to clear their
respective check boxes, and then click OK.
- Move up the hierarchy in Exchange System Manager, repeating
step 5 for the following objects:
- First Storage Group
- Your Exchange Server
- Your Exchange Organization
- Click Start, point to
Programs, point to Administrative Tools, and
then click Active Directory Users and Computers.
- In the left pane, click Users.
- In the right pane, right-click a user account that has an
Exchange mailbox, and then click Properties.
- Click the Exchange Advanced tab, and then
click Mailbox Rights.
- Verify that any users or groups listed as having
Full mailbox access permissions are correctly
assigned.
NOTE: If any users or groups, such as Everyone or Domain Users, are
still listed as having Full mailbox access permissions, return
to step 5 and verify that the Receive As or the Send As permissions have not been incorrectly assigned. - Click OK two times.
| Modification Type: | Minor | Last Reviewed: | 6/13/2003 |
|---|
| Keywords: | kbprb KB328670 |
|---|
|