I have been trying hard to figure out whether the Microsoft Exchange 2007 Administrators can view a user's mailbox? If so, how is this audited?
Unfortunately, I believe there is no real way of doing this in Exchange Server 2007. The closest you'll get would be to experiment with diagnostics logging settings on MS Exchange IS Private and then trolling the application event log for the events created when someone logs onto a secondary mailbox. But as yet, I haven't heard of anyone who has figured out a way to do this which meets typical audit requirements.
In Exchange 2003, I know we could do this very well. Just go to:
Put in our administrator user/pass, and login to that users mailbox and you could view his/her mailbox.
Interesting thingi isn't it??