Accessing another user's mailbox in Outlook

In this tip from "15 tips in 15 minutes: Managing recipients and distribution lists," you'll learn how to access another user's Microsoft Outlook mailbox by following this tip showing you how to delegate mailbox access, grant access to another user, and grant yourself access.

Situations arise when a user -- maybe you -- needs to access another user's mailbox. You can accomplish this in

a variety of ways: The user can delegate access to you or another user, you can give access to yourself, or you can grant access to another user.

Delegating mailbox access 

When an executive or senior manager wants her administrative assistant to screen her email and handle routine items, she can use Outlook to delegate access to her inbox and calendar. Or a user might go on vacation and want some other user to monitor his messages.

An Outlook user can delegate access permissions to another user. The Outlook Options window (Tools -> Options in the Outlook menu) has a
Delegates tab for this purpose. Figure 5.56 shows an example.

Click Add to add a delegate. Once you select a delegate from the Global
Address List, the Delegate Permissions window opens, as shown in Figure 5.57.

Figure 56
Figure 5.56 Outlook option to select a Delegate for access to user's mailbox. (Click on image for enlarged view.)

Figure 57
Figure 5.57 Outlook delegate options permitting access to Calendar and Tasks (the default) and to the user's inbox, which enables Send As and Receive As access. (Click on image for enlarged view.)

By default, a delegate gets Editor (read, create, modify) rights only to the Calendar and Tasks folders. The user can include other folders or change the level of access using the dropdown box next to the folder.

Accessing a delegated mailbox

Once a user has been delegated access to another user's mailbox folders, the delegate can access the folders by selecting the File -> Open -> Other User's Folder option from the main menu, as shown in Figure 5.58.

If the mailbox owner delegates Editor rights for the Inbox, the delegate can use the From field in Outlook (shown in Figure 5.59) to send mail on behalf of the primary mailbox owner. This highly privileged operation should not be delegated without some thought as to the suitability (trustworthiness, maturity, and so forth) of the delegate.

Figure 58
Figure 5.58 Outlook menu option for viewing another user's mailbox folders once delegation has been granted. (Click on image for enlarged view.)

Figure 59
Figure 5.59 Outlook options showing the From field, which permits sending mail on behalf of another user. (Click on image for enlarged view.)

Granting access to another user

Sometimes you don't have the opportunity to ask a user to delegate mailbox access to you or someone else. The user might have been fired or the security team has the user under investigation. Also, human nature being what it is, sometimes you'll encounter situations where a manager wants to see a subordinate's mailbox without the subordinate being aware of this access. (Don't do this in production until you have a chat with someone in your legal department. You don't want to inadvertently violate a privacy law.)

Grant a user access to another user's mailbox via Active Directory Users and Computers as follows:

  1. Open the Properties window for the user's mailbox to which you want to grant access.

  2. Select the Exchange Advanced tab, as shown in Figure 5.60.

    Figure 60
    Figure 5.60 Exchange Advanced settings in Active Directory showing the Mailbox Rights button. (Click on image for enlarged view.)

  3. Click the Mailbox Rights button. This opens the Permissions window for the user's mailbox. If the permission list has only SELF, as shown in Figure 5.61, then the user has not yet received any messages and therefore does not have a mailbox. Send the user an email and then the security list will include all the inherited permissions from the mailbox store.

    Figure 61
    Figure 5.61 Mailbox permissions for user showing a new user that has not yet received email and therefore has only the default mailbox permission settings. (Click on image for enlarged view.)

  4. Click Add and select the name of the user you want to have access to the mailbox. Give this user Read permission if they just want to look at the messages and Full Mailbox Access if they need to send messages on behalf of the user.

Once you have assigned access to another user, the user can open the mailbox in Outlook using the procedure shown in the "Accessing a Delegated Mailbox" section of this chapter.

Granting yourself access to a user's mailbox

By default, Exchange denies mailbox access to any Domain Admin, Enterprise Admin, the Administrator account, and any account that has been delegated the Exchange Administrator or Exchange Full Administrator role. Figure 5.62 shows the Security tab of the Organization object in Active Directory where the Deny settings reside. If you delegate the Exchange a Full Administrator or an Exchange administrator role on an Administrative Group, then Exchange places the Deny entries on the Administrative Group object.

You can override a Deny inherited from the organization or an Administrative Group by placing an Allow permission on the mailbox itself in Active Directory Users and Computers. Because of the inheritance rules in Active Directory, an Allow applied directly to an object takes precedence over an inherited Deny. You can grant full access to mailboxes on a per-store or per-server basis as well. See Microsoft Knowledge Base article 262054 for details.

Figure 62
Figure 5.62 Exchange organization object showing how to override default Deny for administrators by applying an Allow for Receive As and Send As permission on mailboxes. (Click on image for enlarged view.)

15 tips in 15 minutes: Managing recipients and distribution lists

Home: Introduction
 Tip 1: Exchange security groups
 Tip 2: Group membership expansion
 Tip 3: Managing Exchange group email properties
 Tip 4: Exchange 2003 Query-Based Distribution Groups
 Tip 5: DSAccess for Exchange
 Tip 6: DSProxy for Exchange
 Tip 7: Managing Exchange recipient policies
 Tip 8: Exchange Recipient Update Service and proxy addresses
 Tip 9: Restricting mail storage on an Exchange server
 Tip 10: The Exchange server mailbox management service
 Tip 11: Blocking a user's email access
 Tip 12: Accessing another user's mailbox in Outlook
 Tip 13: Exchange mail retention
 Tip 14: Managing recipients with system policies
 Tip 15: Managing recipients with Global Settings

This chapter excerpt from Learning Exchange Server 2003 by William Boswell is printed with permission from Addison-Wesley Professional, Copyright 2004. Click here for the chapter download or to purchase the book.

Dig deeper on Microsoft Outlook



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: