Delivered each Monday,
TechRepublic’s free E-mail Administration NetNote provides tips, articles, and
other resources to help you manage your Exchange server and other e-mail
systems. Automatically
sign up today!

One of the security enhancements in Exchange Server
2000/2003 is the absence of an all-powerful service account. This makes it
easier to audit for unauthorized access, as well as making user data more

However, there are times when you need to assign a single
account the right to access all mailboxes. For example, a brick-level backup
program’s service account typically requires access to the mailboxes it
protects. Exmerge, often used in recovery scenarios, also requires mailbox

While you can open each mailbox individually and add the
appropriate account permissions, that task is very time-consuming. In cases
where an account must access all mailboxes to perform a legitimate task, simply
add the account to the organization’s security properties with the appropriate
permissions. Here’s how:

  1. Open
    the Exchange System Manager.
  2. Right-click
    on the Organization object in the left pane, and then select Properties.
  3. Click
    the Security tab.
  4. Under
    Group Or User Names, click the Add button.
  5. Enter
    the account that needs access to the mailboxes.
  6. Click
    OK to close the Select Users, Computers, Or Groups dialog box.
  7. Select
    the appropriate permissions check boxes in the Permissions For pane. (Remember,
    it is a best practice to assign the minimum permissions needed to do the
  8. Click
    OK to close the dialog box.

Mailboxes in all of the organization’s stores will inherit
the account permissions you just added.