Dear Experts, I just want to know if the emails stored in the exchange server 2003 and 2007 can be read by the administrator in the mail server? Thanks!

Hello, In Exchange 2007, Enterprise Administrator & Root Domain Administrator groups are set with DENY send as/receive as permission so member of these groups doesnt have permission to read mails. Reference: Exchange 2007 Server Setup Permissions Reference In Exchange 2003, Exchange Administrator & Exchange Full Administrator are also set with DENY sendas/receiveas permission so same for member of these groups. Reference: Overview of Exchange administrative role permissions in Exchange 2003

Hi, You can use Microsoft Exchange MAPI Editor to view and modify the contents of a Messaging API (MAPI) store directly. If you want to view all the mailbox, then you should have the administrator privilege. You can download it from the below link: http://www.microsoft.com/DownLoads/details.aspx?familyid=55FDFFD7-1878-4637-9808-1E21ABB3AE37&displaylang=en More information about Microsoft Exchange MAPI Editor: Microsoft Exchange Server MAPI Editor http://technet.microsoft.com/en-us/library/bb508857(EXCHG.65).aspx Hope it helps. Xiu

I am not sure if either of the folks that answered your question really told you what you are looking for. If I read this correctly, you are wanting to know if the admin CAN read other people's mail. By default, no, they cannot. However, someone that is a Domain Admin or an Enterprise Admin can give themselves permissions to the user's mailbox and thus open it and read their mail. In ANY computer system, there must be some trust between management and the people that hold root admin that they will not do something inappropriate. You could implement encryption systems, rights management systems,and/or two-person integrity on key accounts, but that only makes bad admin behavior more difficult, not impossible. My $0.02 worth.

Hi Jim, Your answer is very helpful. If we cannot restrict the Domanin Admin or Enterprise Admin to read other people's mail, how will be able to implement such that the Admin cannot view the user's mailbox without the permission (his/her password)? Is there a dual signon capability that the user must also input his/her password before the admin can view his/her emails? And how to implement encryption systems and rights management system? The objective is not to eliminate the possibility of bad behavior from the admin but just to minimize the risk of such. Thanks again!