Allow email access, but no network access to former employees

We have some user that are no longer with the company, but managment would still like to allow them access to their company email for so many days, but not allow them any network access/logon rights. Striclty email/webmail access, nothing more. We are in a server 2003 domain, using Exchange 2003.

Thanks for the help,
Who is Participating?
Jay_Jay70Connect With a Mentor Commented:

create a security group and add all the users in. On each server, hit the local policy and dissalow access from the network for that group

Use GPO to specify a home page for webmail and dont let them change, you can also configure contect advisor so they cannot go anywhere else


Don't disable/delete their account.  Only allow their accounts to logonto the exchange server in their account properties.  I believe that this is the simplest way.  Then set their account to expire completely after so many days.  This way they can't get onto the network, they can see their e-mail and after the predetermined time, they no longer have access to any of it.

good luck...a
what I would do is change the password to their accounts so they have no access and then in AD on the users properties go to Exchange General tab and then delivery options. Then forward all email to an external email account they have. That way they have no access to any of your servers this totally minimising the companies risk to attacks etc.
Forced accept.

EE Admin
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.