SpreadTheWord

Deny delete permission in Exchange Server 2003 Outlook 2003

I need a way to prohibit a user from deleting items from their deleted items in Outlook. We had someone leave yesterday who deleted his entire sent items then deleted it from deleted items. The Exchange server is backed up daily so the backed up version has everything deleted too. I have the Exchange server set to save deleted items for 7 days, but this can be purged from Outlook as well. Bottom line is that I do not want users to be able to delete all records of an email.

infotrader

Chances are you can still recover the deleted items.  I followed the instructions on the following link, and it helped me recover all of my deleted files:

http://support.microsoft.com/default.aspx?scid=kb;en-us;246153&Product=ol2002

The user doesn't have to move the message to the deleted folders to permanently delete the message.  If you highlight it and press shift-delete, it will bypass the deleted items folder.

- Info
You cannot stop someone from clearing their own deleted items folder. By default Outlook allows the user full control of their own folders.
Follow the procedure that "infotrader" above has outlined.
You can block access to the "To recover deleted items" menu via Group Policy. I tend to hide it for all but the network admins so that we can magically recover email messages for the users (make them wait a couple of hours, huff and puff about it being a complex procedure and if they are of the opposite sex and good looking use it as an excuse to chat them up).

If the user was savvy enough to flush it out of DIR as well, then you will need to build a recovery server and install another copy of Exchange to restore from backups. There is a very good white paper from Microsoft which I usually follow when I need to do this.

Simon.

ASKER

OK - but even from backups - if they send an email and immediately delete and purge it - it will not be found on a backup.

Yes... but it will still be recovered if you follow the instruction I've given you.

- Info
I understand - I am not trying to recover this set of emails - I just don't want this to be a problem later. We need to retain documentation for three years. If, for example, someone deleted something 2 years ago that I want to see, that won't work.  It wouldn't make sense to set the deleted item retention to 1095 days, would it?

The solution is a good backup strategy.  That's why it's called retention.  You should always back up different sets of backups for this particular purpose.  For example, make a backup and store it in a different location, or rotate your backup media.

Here's what I do when I don't have money to keep up the retention requirement:

1.  Work closely with HR for possible layoffs/firing, then back up their data PRIOR to announcement

2.  Confiscate their equipment if necessary

3.  All you need is probably a retention period of 1 week. Even if in your case the user deletes his email, you'll know in 1 day and should still be able to recover the data.

4.  Back up their Exchange data to PST using ExMerge, burn it to CD or DVD and mark it... Move it to a safe or something until your retention period expires.

This covers not just data security/retention for Exchange, but all business data and applications.

- Info
I am sorry this has gone back and forth so much - but the problem remains.  Say a person sends an email to ABC@ABC.com and deletes it directly afterward. Months go by and for some reason or another I need all records of emails sent to ABC@ABC.com in the last 3 years.  That email will not be in the folder, backup, or DIR.
ASKER CERTIFIED SOLUTION
Sembee
This solution is only available to members.
Sembee is correct.  The government is not going to blame you if you show that you have tried to do everything according to compliance.  As long as you back up the data and archive it, that SHOWS that you are doing what you are doing to reach compliance, then the rest of the blame falls on the employee who deletes the data... AS LONG AS YOU HAVE TOLD YOUR EMPLOYEES THAT'S A NO-NO.

In a typical data-recovery scenario, I would change tapes on a daily basis, then rotate the tapes, and keep a good setup for the MONTHLY backup, etc.  That does not prevent the scenario you talked about, in which someone deletes all of the emails 3 years ago, and you just learn about it....

However, as long as you show that you save your backups on a grandfather --> father --> son type of setup, you are doing your job.  To simply keep a transaction record of everything that is sent, saved, deleted, forwarded, etc. etc., is just not cost-effective, and I'd say that 99.99% of the businesses out there WILL go bankrupt on the cost of hardware and software to implement it.

- Info
Ended up using the method of saving a copy of EVERY email sent in and out of the mail server to another mailbox. Nasty I know - but the guys in charge around here want EVERYTHING saved and documented. Thanks everyone.