Hi, Our Help desk group in AD has rights to grant a customer access to another persons mailbox however after checking all groups they are a member of with a test account, I cannot locate where this permission is coming from. Could you please advise where I should be looking to prevent this as we do not want them to have this high level of access. What would be the cmdlet on the management shell to remove this? And what is the cmdlet for me to verify a users effective permissions. Thankyou

Can you specify the version of Exchange that you are using? Also, a common security hole is the BlackBerry service account. Many companies give this account out so that help desks can manage activations and re-activations, but these accounts also have mailbox access to all users. If you have a BES environment, I would look into the service account and how it is used ASAP.fr3dd

Thanks, this is using Exchange 2007 & we do not have BlackBerry.

On Wed, 30 Mar 2011 21:35:08 +0000, DLIAG wrote: Thanks, this is using Exchange 2007 & we do not have BlackBerry. You'll be better off asking this in one of the Exchange forums. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca LISP: To call a spade a thpade.