How to Grant Access to Shared Mailboxes

Access to shared mailboxes (often referred to as “service accounts” by IT@JH documents) is done using your personal JHED to access the additional mailbox.  Documentation on how to access these mailboxes is here.

People nearly always use the Whiting IT help desk to add or remove access to shared mailboxes.  This is done through a ticket to  For those of you with access to make your own changes, however, here are the steps to take.

Controlling Access to a Shared Mailbox

Group membership edits are done in MyJH. To be able to edit group membership you’ll need to be the owner of the group, so if you are inheriting an existing mailbox (or editing a mailbox created for you by WSE IT) ownership will need to be transferred to you.  If you need to know who owns a particular mailbox ask

  • In a web browser, go to  Navigate to Messaging -> Exchange Service Account.
  • If you want to change the people who have access to the mailbox, hit the Members… list and add or remove JHEDs.  These people can open the mailbox but cannot add or remove other members.
  • If you want to change the people who can add or remove users, use the Co-Owners… link.  Note that co-owners can change Members, but don’t also have access to the mailbox.  If someone is supposed to be an owner AND be able to open the mailbox, they should be in both lists.
  • In all cases, it takes about 60 minutes for these changes to be replicated across all the JH mail servers.  When you change access for users they’ll need to log out and log back in to Outlook before the changes take effect.

Why Can’t I Just Use A Shared Password?

While these mailboxes do have their own usernames and passwords, we try not to distribute those.  If people use their own JHEDs to access the shared resource we can log who does what (intentionally or unintentionally) back to individuals.  If people share an account and password, we can’t track things back to individuals but only to the shared account.  This is a minor support problem but a major security problem — there is an avenue to anonymous abuse, and it is very hard to revoke access from people if they have access to more accounts than just their JHED.