XADM: Exchange Server Service Account Can Gain Access to Any Mailbox (259022)


The information in this article applies to:

  • Microsoft Exchange Server 4.0
  • Microsoft Exchange Server 5.0
  • Microsoft Exchange Server 5.5
This article was previously published under Q259022

SUMMARY

If you log on to a Microsoft Exchange Client by using the Exchange Server service account, you can open and view the mailbox of any user.

MORE INFORMATION

This behavior is by design. By default, the Exchange Server service account inherits permissions for every mailbox. The service account is automatically granted the role of Service Account Administrator, which includes Mailbox Owner rights.

Any other account that has been granted the role of Service Account Administrator also has Mailbox Owner rights, which allows those users to log on to every mailbox on the system.

Because of these capabilities, it is important for Exchange Server administrators to safeguard the Exchange Server service account and password.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

168753 XADM: Microsoft Exchange Roles, Rights, and Permissions

Modification Type:MinorLast Reviewed:4/21/2005
Keywords:kbinfo KB259022
©2004 Microsoft Corporation. All rights reserved.