Guest OscarVogel
Posted March 20, 2008

We have a temporary employee starting next Monday. He will need an email account, but it's important that he NOT have access to any of the shares on the servers. My problem is that there are a lot of shares that are accessible to "Everyone". If I make him a "domain user" he'll be in the "Everyone". And I'd rather not "Deny" his account access to each of the shares.

So, is there some way that I can give him an email account with a mailbox (Exchange 2003 on a SBS 2003 server), without making him a Domain User?

Thanks

Guest Lanwench [MVP - Exchange]
Posted March 20, 2008

Re: How can I give an employee a mailbox without at least making him a user

OscarVogel <rtk@divecochran.com> wrote:
> We have a temporary employee starting next Monday. He will need an
> email account, but it's important that he NOT have access to any of
> the shares on the servers. My problem is that there are a lot of
> shares that are accessible to "Everyone". If I make him a "domain
> user" he'll be in the "Everyone". And I'd rather not "Deny" his
> account access to each of the shares.
>
> So, is there some way that I can give him an email account with a
> mailbox (Exchange 2003 on a SBS 2003 server), without making him a
> Domain User?
> Thanks

No...to have a mailbox, they have to be a user. What you should do, instead of granting access to 'everyone' or any built-in group, is set up a security group ("All Staff") or whatnot - and use *that* in your NTFS permissions on new/custom folders, rather than using Domain Users. That way, you can simply not put a visitor/temp user in the All Staff group. You'll have to do a bit of work once to clean up the security & make it work that way, but it will save you loads of headaches later on. Doing stuff with groups is *much* better than with individual user accounts.
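
An added example, not written by any poster in this thread, of the one-time cleanup audit described in the reply above: it parses saved `icacls <folder>` output and lists the allow entries held by Everyone, Authenticated Users, Domain Users or BUILTIN\Users, all of which a new temp account matches automatically. The folder paths, the CONTOSO domain and the sample output are constructed for illustration.

```python
import re

# Principals a new domain account matches without being added to any group.
BROAD = {"everyone", "authenticated users", "domain users", "users"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(path, output):
    """Parse the output of `icacls <path>` into [(principal, [flags])]."""
    aces = []
    for line in output.splitlines():
        if line.startswith(path):      # the first ACE shares a line with the path
            line = line[len(path):]
        m = ACE_RE.match(line.strip())
        if m:                          # blank and summary lines never match
            flags = re.findall(r"\(([^)]*)\)", m.group("flags"))
            aces.append((m.group("who"), flags))
    return aces

def broad_grants(aces):
    """Allow ACEs that reach any account: (principal, rights, inherited)."""
    hits = []
    for who, flags in aces:
        name = who.split("\\")[-1].lower()
        if name in BROAD and "DENY" not in flags:
            hits.append((who, flags[-1], "I" in flags))
    return hits

def audit(captured):
    """Map each folder to its broad grants; clean folders are left out."""
    report = {}
    for path, output in captured.items():
        hits = broad_grants(parse_icacls(path, output))
        if hits:
            report[path] = hits
    return report

# Constructed sample: icacls output for three folders (not from a real server).
SAMPLE = {
    r"D:\Shares\Accounting": r"""D:\Shares\Accounting Everyone:(OI)(CI)(M)
                     BUILTIN\Administrators:(OI)(CI)(F)""",
    r"D:\Shares\HR": r"""D:\Shares\HR CONTOSO\All Staff:(OI)(CI)(M)
             BUILTIN\Administrators:(OI)(CI)(F)""",
    r"D:\Shares\Public": r"""D:\Shares\Public BUILTIN\Users:(I)(OI)(CI)(RX)
                 NT AUTHORITY\Authenticated Users:(I)(M)
Successfully processed 1 files; Failed processing 0 files""",
}

if __name__ == "__main__":
    for folder, grants in audit(SAMPLE).items():
        print(folder, grants)
```

A `True` in the third field means the entry is inherited, so it has to be changed on a parent folder rather than on the folder listed.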

Guest Jamestechman
Posted March 20, 2008

Re: How can I give an employee a mailbox without at least making him a user

No; they are tied together. One option is to give him a company E-mail address via creating a contact object which forwards to his personal E-mail address. Some companies opt to do this for their consultants which also circumvents the licensing per mailbox.

James Chong (MVP)
MCITP | EMA; MCSE | M+, S+, Security+, Project+, ITIL
msexchangetips.blogspot.com

OscarVogel wrote:
> We have a temporary employee starting next Monday. He will need an email
> account, but it's important that he NOT have access to any of the shares on
> the servers. My problem is that there are a lot of shares that are
> accessible to "Everyone". If I make him a "domain user" he'll be in the
> "Everyone". And I'd rather not "Deny" his account access to each of the
> shares.
>
> So, is there some way that I can give him an email account with a mailbox
> (Exchange 2003 on a SBS 2003 server), without making him a Domain User?
>
> Thanks

Guest Ed Crowley [MVP]
Posted March 20, 2008

Re: How can I give an employee a mailbox without at least making him a user

Your only answer is to tighten up rights on file shares.

--
Ed Crowley MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"OscarVogel" <rtk@divecochran.com> wrote in message news:063351C1-C0FC-4CE8-97FB-AA8EF4736AE6@microsoft.com...
> We have a temporary employee starting next Monday. He will need an email
> account, but it's important that he NOT have access to any of the shares
> on the servers. My problem is that there are a lot of shares that are
> accessible to "Everyone". If I make him a "domain user" he'll be in the
> "Everyone". And I'd rather not "Deny" his account access to each of the
> shares.
>
> So, is there some way that I can give him an email account with a mailbox
> (Exchange 2003 on a SBS 2003 server), without making him a Domain User?
>
> Thanks

Guest Holz
Posted March 20, 2008

Re: How can I give an employee a mailbox without at least making him a user

On Thu, 20 Mar 2008 09:56:59 -0500 "OscarVogel" <rtk@divecochran.com> wrote:
>We have a temporary employee starting next Monday. He will need an
>email account, but it's important that he NOT have access to any of
>the shares on the servers. My problem is that there are a lot of
>shares that are accessible to "Everyone". If I make him a "domain
>user" he'll be in the "Everyone". And I'd rather not "Deny" his
>account access to each of the shares.
>
>So, is there some way that I can give him an email account with a
>mailbox (Exchange 2003 on a SBS 2003 server), without making him a
>Domain User?
>
>Thanks
>

How about creating an account for him with an e-mail address, and limit him to log on to the local machine only. He will need to type a password for Outlook, but network connections.

--
Jerry Maguire: Help me... help you. Help me, help you. ;-)

Guest Jim Behning SBS MVP
Posted March 21, 2008

Re: How can I give an employee a mailbox without at least making him a user

On Thu, 20 Mar 2008 11:10:22 -0400, "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>OscarVogel <rtk@divecochran.com> wrote:
>> We have a temporary employee starting next Monday. He will need an
>> email account, but it's important that he NOT have access to any of
>> the shares on the servers. My problem is that there are a lot of
>> shares that are accessible to "Everyone". If I make him a "domain
>> user" he'll be in the "Everyone". And I'd rather not "Deny" his
>> account access to each of the shares.
>>
>> So, is there some way that I can give him an email account with a
>> mailbox (Exchange 2003 on a SBS 2003 server), without making him a
>> Domain User?
>> Thanks
>
>No...to have a mailbox, they have to be a user. What you should do, instead
>of granting access to 'everyone' or any built-in group, is set up a security
>group ("All Staff") or whatnot - and use *that* in your NTFS permissions on
>new/custom folders, rather than using Domain Users. That way, you can simply
>not put a visitor/temp user in the All Staff group. You'll have to do a bit
>of work once to clean up the security & make it work that way, but it will
>save you loads of headaches later on. Doing stuff with groups is *much*
>better than with individual user accounts.
>

Or on the security tab of each share add the user with a deny. Could be a pain if you have lots of shares. LW is probably right as she usually is.

See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx

Guest Jon-Alfred Smith
Posted March 22, 2008

Re: How can I give an employee a mailbox without at least making him a user

On Thu, 20 Mar 2008 09:56:59 -0500, "OscarVogel" <rtk@divecochran.com> wrote:
>We have a temporary employee starting next Monday. He will need an email
>account, but it's important that he NOT have access to any of the shares on
>the servers. My problem is that there are a lot of shares that are
>accessible to "Everyone". If I make him a "domain user" he'll be in the
>"Everyone". And I'd rather not "Deny" his account access to each of the
>shares.

>So, is there some way that I can give him an email account with a mailbox
>(Exchange 2003 on a SBS 2003 server), without making him a Domain User?

Just wonder if this could work. Too tired to test it right now:

(1) Make him a mail-enabled user
(2) Disable the account
(3) Set up forwarding to an external POP3 account
(4) Download to Outlook from the POP3 account
(5) In Outlook set the sender's address to the domain account

jas

Guest Lanwench [MVP - Exchange]
Posted March 22, 2008

Re: How can I give an employee a mailbox without at least making him a user

Jon-Alfred Smith <jonsmi@community.nospam> wrote:
> On Thu, 20 Mar 2008 09:56:59 -0500, "OscarVogel" <rtk@divecochran.com>
> wrote:
>
>> We have a temporary employee starting next Monday. He will need an
>> email account, but it's important that he NOT have access to any of
>> the shares on the servers. My problem is that there are a lot of
>> shares that are accessible to "Everyone". If I make him a "domain
>> user" he'll be in the "Everyone". And I'd rather not "Deny" his
>> account access to each of the shares.
>
>> So, is there some way that I can give him an email account with a
>> mailbox (Exchange 2003 on a SBS 2003 server), without making him a
>> Domain User?
>
> Just wonder if this could work. Too tired to test it right now:
>
> (1) Make him a mail-enabled user

But then he wouldn't have an address on the domain (mail-enabled users have external addresses), and you wouldn't be able to do a forward (you can set forwards only on mailboxes).

> (2) Disable the account
> (3) Set up forwarding to an external POP3 account
> (4) Download to Outlook from the POP3 account
> (5) In Outlook set the sender's address to the domain account
>
> jas

Guest Jon-Alfred Smith
Posted March 23, 2008

Re: How can I give an employee a mailbox without at least making him a user

On Sat, 22 Mar 2008 08:39:42 -0400, "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote:
>Jon-Alfred Smith <jonsmi@community.nospam> wrote:
>> On Thu, 20 Mar 2008 09:56:59 -0500, "OscarVogel" <rtk@divecochran.com>
>> wrote:
>>> We have a temporary employee starting next Monday. He will need an
>>> email account, but it's important that he NOT have access to any of
>>> the shares on the servers. My problem is that there are a lot of
>>> shares that are accessible to "Everyone". If I make him a "domain
>>> user" he'll be in the "Everyone". And I'd rather not "Deny" his
>>> account access to each of the shares.
>>> So, is there some way that I can give him an email account with a
>>> mailbox (Exchange 2003 on a SBS 2003 server), without making him a
>>> Domain User?
>> Just wonder if this could work. Too tired to test it right now:
>> (1) Make him a mail-enabled user
>But then he wouldn't have an address on the domain (mail-enabled users have
>external addresses), and you wouldn't be able to do a forward (you can set
>forwards only on mailboxes).

I meant to say mailbox-enabled user. Still not sure if it will work (but it might). And I do agree with others here that something should be done with permissions on the shares.

>> (2) Disable the account
>> (3) Set up forwarding to an external POP3 account
>> (4) Download to Outlook from the POP3 account
>> (5) In Outlook set the sender's address to the domain account
>> jas

jas