This article has been archived. It is offered "as is" and will no longer be updated.
In an Exchange Server 2007 environment, a domain user account can be given "Exchange View-Only Administrator" permission by using the Exchange Administration Delegation Wizard at the organization level. You expect that the account that has the "Exchange View-Only Administrator" permission can view the Exchange configuration only. However, the account can read the contents of any message in a mailbox store in the organization. For example, the account that has the "Exchange View-Only Administrator" permission can access the contents of the other users' mailboxes by using the Public Folder Distributed Authoring (PFDavAdmin) tool or the Versioning (DAV)-based administration tool.
A feature is now included with Update Rollup 8 for Exchange 2007 Service Pack 1 to change this behaviour.
For more information about Update Rollup 8 for Exchange Server 2007 Service Pack 1, see the following Exchange Help topic:
Warning You should test the change before you install the hotfix and implement the change because it may affect some third-party applications that access Exchange data by using the administrative logon and the "Exchange View-Only Administrator" permission.
After you install the hotfix, you have to create the Restrict View-Only Administrator Access Right registry entry on the Exchange server for this hotfix to work. If you do not create this registry entry, or if the registry setting is set to zero, accounts that have the "Exchange View-Only Administrator" permission can still access mailbox contents in a mailbox store. To set the registry entry, follow these steps:
Click Start, click Run, type Regedit, and then click OK.