Microsoft Exchange Server Permission Insight

permissions exchange exchange-2010 mailbox

Solution 1:

Please post the list of AD groups that this "Entry Level Engineer" belongs to.

In the Exchange Management Console, select a representative user and select "Manage Full Access Permission". It should look like this:

enter image description here

If there are other users or groups present in that dialog, that's where you'll need to begin to remove access.

This is something the organization has NOT recognized as an issue but as a Network Administrator, is an major security issue.

From a political perspective, though, don't come in guns blazin' to point out what the previous admin did incorrectly. There may have been a reason that this type of access was enabled. You'll look like a jackass for pursuing this without knowing the full context.

For example, I manage ~38 Exchange mail systems across a variety of clients. In some environments, non-technical principals or department heads request mailbox access to their users. I don't think any environment gives the presumption of email privacy on company systems. More advanced sites leverage journaling to accomplish the same. So get the full story before you make this a crusade...

Related

What is "tid" in a MSDTC trace?
How can I log the negotiated SSL Cipher in Windows 2008 R2
Unattended installation of Windows Server 2012 on KVM
Internet access from private VPC subnet?
Generate new self-signed CA for Windows 2012 CA
Windows 7: Deploying Printer Settings without a Print Server
Tcpdump maximum split file size
Modifying kernel cmdline in Ubuntu
ping and traceroute does not work when UFW deny outgoing by default
Hyper-V offline migration between AMD and Intel Processors
How to make connections answer from the same gateway they entered in RouterOS?
How does LSI MegaRAID actually lay out RAID10 sets?