Extract from
http://technet.microsoft.com/en-us/library/bb310792.aspx
Q: I have a third-party messaging application that requires full access to each user's mailbox. With Exchange Server 5.5, we grant a special account the Service Account Admin permissions, and then tell the application to use this account. How can I achieve similar functionality in Exchange 2007?
A: Exchange 2007 security works differently from that of Exchange Server 5.5. In fact, Exchange 2007 does not use a site service account. Instead, all services start as the local computer account.
If your logon account is the Administrator account, a member of the root Domain Administrators, a member of the Enterprise Administrators groups, or a member of the Exchange Organization Administrators role, you are explicitly denied access to all mailboxes that are not your mailbox, even if you have full administrative rights over the Exchange system. All Exchange 2007 administrative tasks can be performed without having to grant an administrator sufficient rights to read other people's mail.
You can achieve the results that you want in the following ways, but do so only in accordance with your organization's security and privacy policies:
In the Exchange Management Shell, use the following command to allow access to all mailboxes on a given mailbox store:
Add-ADPermission -identity "mailbox database" -user "serviceaccount" -ExtendedRights Receive-As
In the Exchange Management Shell, use the following command to allow access to an individual mailbox:
Add-MailboxPermission -identity "user" -user "serviceaccount" -AccessRights FullAccess
CELCAT Addition to MS Link
In the Exchange Management Shell, use the following command to allow access to all mailboxes on a given mailbox store. Note: this command also allows inheritence for future accounts that are created:
Get-MailboxDatabase -server YourServername | add-adpermission -user YourAutocalService -accessRights GenericRead, GenericWrite -extendedrights Send-As, Receive-As -inheritanceType all |