DOCUMENT:Q259022 07-MAY-2000 [exchange] TITLE :XADM: Exchange Server Service Account Has Access to Any Mailbox PRODUCT :Microsoft Exchange PROD/VER:winnt:4.0,5.0,5.5 OPER/SYS: KEYWORDS:exc4 exc5 exc55 ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Exchange Server, versions 4.0, 5.0, 5.5 ------------------------------------------------------------------------------- SUMMARY ======= If you log on to a Microsoft Exchange Client by using the Exchange Server service account, you can open and view the mailbox of any user. MORE INFORMATION ================ This behavior is by design. By default, the Exchange Server service account inherits permissions for every mailbox. The service account is automatically granted the role of Service Account Administrator, which includes Mailbox Owner rights. Any other account that has been granted the role of Service Account Administrator also has Mailbox Owner rights, which allows those users to log on to every mailbox on the system. Because of these capabilities, it is important for Exchange Server administrators to safeguard the Exchange Server service account and password. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: Q168753 XADM: Microsoft Exchange Roles, Rights, and Permissions Additional query words: login ====================================================================== Keywords : exc4 exc5 exc55 Technology : kbExchangeSearch kbExchange500 kbExchange550 kbExchange400 kbZNotKeyword2 Version : winnt:4.0,5.0,5.5 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2000.