MS Exchange Server and E-mail security

A question about e-mail security.  Is the only way to view someone's exchange account from an admin perspective to change the password?  Is it possible for some users to get password notifications and others not.  Can you force a user to change their password the next time they log in?

Just asking because I think something is happening that shouldn't and I am not versed in Active Directory or exchange.

D
dialdnAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
lamaslanyConnect With a Mentor Commented:
It may be that the password for person X was set more recently than everyone elses - this would set the clock back to 0 as it were.  (I think that the default is to change your password every 42 days).
0
 
lamaslanyCommented:
"Is the only way to view someone's exchange account from an admin perspective to change the password?"
No.  An admin can give themselves full access to the mailbox and open it using their own credentials (via Outlook and OWA)

"Is it possible for some users to get password notifications and others not."
Not sure what you are referring to here.

"Can you force a user to change their password the next time they log in?"
Yes.  Using the ADU&C snap-in you can open the properties of a user within AD, click on the Account tab and tick "User must change password at next logon"

With that question in mind I'll go back to your second question.  A user will see the request to change their password when they log into a desktop session - if they access via OWA they will not see such a request (I think - I certainly don't remember it).
0
 
dialdnAuthor Commented:
Ok, here is the situation.  A group of us use exchange via Outlook.  We all get notices saying "you have x days" to change your password.  Except one user who does not get the reminders.  All of sudden they are requested to change their password (it's happened twice in a row and not before that).  The action seems suspect and may be an attempt at snooping by IS staff but not sure??
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
isaman07Commented:
Well, the passwords can be changed by an administrator through Active directory users and computers by right clicking on the username and choosing change password.
If you want a user to change the password the next time they login, change their password as admin as mentioned above and check the option that says user must change password at next  logon.
Yes it possible that some users get notifications and some others don't, only if users are members of different organizational units and there are different password policies applied on each OU.
Example, if a user is member of accoutning organizational unit and there is a password policy applied on that department so that users must change the password every 3 months, they will get notificaions automatically before the dateline weather they logon their email accounts or active directory computers, now if there are other departemnts where that password change period is set to 9 months, they well not get notifications as often as the accounting people.
Ho[e this helps.
0
 
dialdnAuthor Commented:
Is there a simple way to tell if the IS/IT group are looking at mail?
0
 
isaman07Commented:
Check through active directiry users and computers the properties of that user by right clicking the username and choosing properties, then click the account tab and make sure that password never expires is unchecked in the account options section, because if password never expires is checked, it overrides the password policies on the organizational Unit or domain level.
0
 
dialdnAuthor Commented:
Thanks
0
 
isaman07Commented:
If you have access to ESM (exchange system manager) you can check who logges in the mailbox the last time. Or if there are new emails that are not bold.
0
 
dialdnAuthor Commented:
Will it log the last 5 or so or just the last one beyond the account owner?
0
 
lamaslanyCommented:
If you enable auditing you can see who made what changes and when but most of this is not enabled by default.  In addition an admin can always disable logging or obfuscate such attemps.  And as they are admins it would be trivial for them to crack your password or install a keylogger.  They could also capture the email traffic on the wire (as it comes into or out of the server).

If you cannot trust your admins you have a problem.
0
 
dialdnAuthor Commented:
That's the issue we need to sort out.  Thanks again.
0
All Courses

From novice to tech pro — start learning today.