Solved

Can anyone in IT read my mail...?

Posted on 2008-10-31
Last Modified: 2012-08-14
Ethics and business policy aside, can they? What I am asking is this: can anyone in our IT department, with administrative rights, easily browse user mailboxes, look at sent mail, etc.? I suspect this is happening at my company and don't know what to do about it, because I think it may start with the overly paranoid MIS Manager ("...is someone writing something bad about me or my department?", etc., etc.)

All input appreciated.

Question by:snyperj
13 Comments
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849364
Yes. It is very easy to read others' email with permissions.
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849371
They can actually add everyone's email accounts to Outlook for quick browsing. This is why you have to have faith in your Exchange Administrator. I would recommend only making a few employees an Exchange Admin. Naturally, you can do auditing...
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849382
0
 

Author Comment

by:snyperj
ID: 22849389
"Naturally, you can do auditing..."

Meaning as a company you can do auditing, right?  Not that I could do any myself to see if anyone is reading my junk?
0
 
LVL 7

Accepted Solution

by:
bcrosby007 earned 1000 total points
ID: 22849400
Correct. If you read the KB at the top, you have to turn on some logging and then monitor logs. I have never seen third party software that does this from your Outlook PC. I recommend getting an internet email account if you are worried about your company reading your personal email... They can still monitor that, but it is not quite as easy.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22849785
I had a customer where the CIO's PA had given everyone full rights to her mailbox .. doh!

Check this out: http://blogs.flaphead.dns2go.com/archive/2007/04/04/auditing-within-exchange-200x.aspx
It might help.  It is also possible to dump the permissions set to .. What version of Exchange are we talking about?
0
 

Author Comment

by:snyperj
ID: 22849805
>"What version of Exchange are we talking about?"

We just upgraded from 5.5 to 2007 last weekend
0
 
LVL 2

Expert Comment

by:nidash
ID: 22850367
If you are worried that any Tom, Dick or Harry in IT can read your emails, the short answer is no. If the user is an Exchange administrator and manages a domain controller, yes, he/she can.

All depends on how the permissions are set.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22850977
Exchange 2007 has the following predefined groups that manage Exchange configuration data:
-Exchange Organization Administrators
-Exchange Recipient Administrators
-Exchange Server Administrators
-Exchange View-Only Administrators
-Exchange Public Folder Administrators
Suppose the main rights to worry about are SendAs/ReceiveAs, and the following have an explicit deny for both:
-Domain Admin Group
-Enterprise Admin Group
-Exchange Organization Administrators
-Delegates of Exchange 2007 Server Administrator Role
So you could dump out the mailbox permissions for a user by running:

Get-Mailbox <Mailbox> | Get-ADPermission

The problem is that this is just for the mailbox and not delegated rights to folders :-| so an admin could have granted rights to his/her account
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22851050
you could also try
>get-mailbox <mailbox> | Get-MailboxPermission

but you still can't see the mailbox folders' delegated permissions
0
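
The two commands from the replies above, combined into one report of who holds rights on a single mailbox. This is an added example, not part of any poster's reply: the function name `Get-MailboxAccessReport` and the alias `jsmith` are hypothetical, and it assumes the Exchange Management Shell. As the thread notes, folder-level delegation is not covered by either cmdlet.

```powershell
# Added example: run in the Exchange Management Shell.
# Get-MailboxAccessReport is a hypothetical helper name, not an Exchange cmdlet.
function Get-MailboxAccessReport {
    param([string]$Mailbox = $(throw 'Specify a mailbox alias or address'))

    $mbx = Get-Mailbox -Identity $Mailbox -ErrorAction Stop

    & {
        # Rights stored on the mailbox itself (FullAccess and similar).
        # The owner's own SELF entry is skipped because it is always present.
        $mbx | Get-MailboxPermission |
            Where-Object { $_.User -notlike 'NT AUTHORITY\SELF' } |
            Select-Object @{Name = 'Source'; Expression = { 'Get-MailboxPermission' }},
                          @{Name = 'User';   Expression = { "$($_.User)" }},
                          @{Name = 'Rights'; Expression = { "$($_.AccessRights)" }},
                          Deny, IsInherited

        # Send-As / Receive-As extended rights on the mailbox's AD object.
        $mbx | Get-ADPermission |
            Where-Object { ($_.ExtendedRights -like 'Send-As') -or
                           ($_.ExtendedRights -like 'Receive-As') } |
            Select-Object @{Name = 'Source'; Expression = { 'Get-ADPermission' }},
                          @{Name = 'User';   Expression = { "$($_.User)" }},
                          @{Name = 'Rights'; Expression = { "$($_.ExtendedRights)" }},
                          Deny, IsInherited
    } |
        # Explicit (non-inherited) allow entries sort first: those were granted
        # on this mailbox directly rather than coming from a parent container.
        Sort-Object IsInherited, Deny, User
}

# 'jsmith' is a constructed placeholder alias.
Get-MailboxAccessReport -Mailbox 'jsmith' | Format-Table -AutoSize
```

Rows with IsInherited = False and Deny = False are the ones to review first; rows with Deny = True show where the explicit deny mentioned above is in effect.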
 
LVL 7

Assisted Solution

by:flaphead_com
flaphead_com earned 1000 total points
ID: 22851291
Okay pfdavadmin will allow you to export the folder permissions for a mailbox!

http://www.microsoft.com/downloads/details.aspx?FamilyId=635BE792-D8AD-49E3-ADA4-E2422C0AB424&displaylang=en
0
 

Author Closing Comment

by:snyperj
ID: 31512013
good enough... thanks
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22851505
0
