We help IT Professionals succeed at work.

Looking for some "basic" info on Exchange server - email retention, archives, monitoring

TinaSC
TinaSC asked
on
Medium Priority
476 Views
Last Modified: 2012-06-09
I really don't know much about Exchange server, other than that we have it.  I don't know if these questions can be answered easily through here or if someone could refer to some good (free) resources for trying learn as much as I can.  Some questions have come up lately about e-mail.  

1) Is email somehow saved/archived on the server?  For example, if a disgruntled employee walked out today, could we get his/her old e-mails?  2) When people delete emails from Outlook, are they really "gone" or can they be retrieved?  

Thanks in advance.  Feel free to dummy down any responses.. I won't be insulted.. :-)
Comment
Watch Question

Expert of the Year 2007
Expert of the Year 2006
Commented:
I would suggest looking at msexchange.org or Microsoft.com.
You may also benefit from having an experienced Exchange consultant come in and sit with you for half a day. Get someone good and they will be able to let you know everything that you want to know.

To answer the specific questions...

1. Unless you setup archiving (it is not enabled by default) it is possible for a user to delete all trace of their email, in such a way that the backup will not even pick it up. That is by design and you cannot stop that.
2. As above - a user can delete all trace of an email message. There are a number of steps to go through to delete the messages, but it is possible to remove all trace. A backup can help, but if it is important that you have a trace of the message (regulatory reasons for example) then you need to keep a separate archive.

Both tasks can be managed by a process called journaling. At its basic level it keeps a copy of the email in the Exchange server. However this can quickly create a larger bloated store, so investing in something standalone would be the best option. An example product is GFI Mail Archiver, which runs on top of SQL.

Simon.
Yes there is retention period for mails in outlook if user has deleted the mails then you can recover that please check:

http://usdt.mylivevault.com/webhelp/TSK/bk_exchange_2K_exch.asp

Technical Team Lead
Commented:
1) Is email somehow saved/archived on the server?  For example, if a disgruntled employee walked out today, could we get his/her old e-mails?  

2) When people delete emails from Outlook, are they really "gone" or can they be retrieved?  

Both of these questions are dependent upon a few things; the deleted items retention policy on the exchange server, the type and frequency of backups, and, to a lesser degree, whether or not circular logging is enabled.

The deleted item retention period setting, when used in conjunction with a group policy setting specified below, will prevent a user from deleting all traces of their message. For example, our deleted item retention period is 10 days. That means that when one of our users deletes an item, it is in reality merely tagged as deleted. It does not appear in the original folder nor in Deleted items. After 10 days it is truly deleted. So even if said disgruntled user deletes everything out of their mailbox and empties their deleted items folder, we can still recover all those messages up to 10 days later without resorting to restoring from backup.

If it is enabled on your server, you can try this now in the Deleted Items folder. Empty your deleted items, then go to Tools and choose Recover Deleted Items (while still in the Deleted Items folder). You will see a list of the messages you just deleted.

Now, if the disgruntled user knows about the Recover Deleted Items feature, he can go into it and purge all deleted messages. This removes the "deleted" flag and actually deletes the message, regardless of your server's retention policy. You can prevent this with the Group Policy/registry settings described at http://support.microsoft.com/kb/924217. When applied to end-users, this will prevent them from accessing the Recover Deleted Items feature, which is the only way they can perform the purge.

Additionally, there is a registry key you can add to your local machine that will enable the Recover Deleted Items option in every folder, not just Deleted Items:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options]
"DumpsterAlwaysOn"=dword:00000001

If you are an exchange admin with the ability to open other users' mailboxes, you can add this registry entry on your own machine and have the ability to recover any users' deleted messages.

So, to recap:

1. Enable deleted item retention on the server and set a timeframe that makes sense for your environment.
2. Disable "recover deleted items" for end-users.
3. Enable global dumpster on your own workstation.

With these three changes, you can prevent the users from purging their retained deleted items, while at the same time giving yourself access to recover any message from any folder in any maibox.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.