
Can anyone in IT read my mail...?

Ethics and business policy aside, can they? What I am asking is this: can anyone in our IT department, with administrative rights, easily browse user mailboxes, look at sent mail, etc.? I suspect this is happening at my company and don't know what to do about it because I think it may start with the overly paranoid MIS Manager ("...is someone writing something bad about me or my department?", etc., etc.)

All input appreciated.

0
snyperj
Asked:
 
bcrosby007Commented:
Yes. It is very easy to read others' email with permissions.
0
 
bcrosby007Commented:
They can actually add everyone's email accounts to Outlook for quick browsing. This is why you have to have faith in your Exchange Administrator. I would recommend only making a few employees an Exchange Admin. Naturally, you can do auditing...
0
 
snyperjAuthor Commented:
"Naturally, you can do auditing..."

Meaning as a company you can do auditing, right?  Not that I could do any myself to see if anyone is reading my junk?
0
 
bcrosby007Commented:
Correct. If you read the KB at the top. You have to turn on some logging and then monitor logs. I have never seen third party software that does this from your Outlook PC. I recommend getting an internet email account if you are worried about your company reading your personal email... They can still monitor that, but it is not quite as easy.
0
 
flaphead_comCommented:
I had a customer where the CIO's PA had given everyone full rights to her mailbox .. doh!

Check this out: http://blogs.flaphead.dns2go.com/archive/2007/04/04/auditing-within-exchange-200x.aspx
It might help.  It is also possible to dump the permissions set to .. What version of Exchange are we talking about?
0
 
snyperjAuthor Commented:
>"What version of Exchange are we talking about?"

We just upgraded from 5.5 to 2007 last weekend
0
 
nidashCommented:
If you are worried that any Tom, Dick or Harry in IT can read your emails, the short answer is no. If the user is an Exchange administrator and manages a domain controller, yes he/she can.

All depends on how the permissions are set.
0
 
flaphead_comCommented:
Exchange 2007 has the following predefined groups that manage Exchange configuration data:
-Exchange Organization Administrators
-Exchange Recipient Administrators
-Exchange Server Administrators
-Exchange View-Only Administrators
-Exchange Public Folder Administrators
Suppose the main rights to worry about are SendAs/ReceiveAs, and the following have an explicit deny for both:
-Domain Admin Group
-Enterprise Admin Group
-Exchange Organization Administrators
-Delegates of Exchange 2007 Server Administrator Role
So you could dump out the mailbox permissions for a user by running:

get-mailbox <Mailbox> | Get-ADPermission

The problem is that this is just for the mailbox and not delegated rights to folders :-| so an Admin could have granted rights to his/her account
0
 
flaphead_comCommented:
you could also try
>get-mailbox <mailbox> | Get-MailboxPermission

but you still can't see the mailbox folders' delegated permissions
0
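
One way to narrow the output of the two commands above to the entries worth a second look, as an added example (not code from this thread or from Microsoft). The function name `Select-RiskyMailboxGrant` and the sample rows are constructed for illustration; the property names follow what `Get-MailboxPermission` and `Get-ADPermission` return.

```powershell
# Added example. Keeps only explicit (non-inherited) allow entries that let an
# account other than the owner open the mailbox or act as it.
# Inherited entries are left out to keep the output to per-mailbox changes;
# review those separately at the database/server level.
function Select-RiskyMailboxGrant {
    param([object[]]$Entry)
    $Entry | Where-Object {
        -not $_.IsInherited -and
        -not $_.Deny -and
        "$($_.User)" -ne 'NT AUTHORITY\SELF' -and
        ( ("$($_.AccessRights)"   -match 'FullAccess') -or
          ("$($_.ExtendedRights)" -match 'Send-As|Receive-As') )
    }
}

# Constructed sample rows standing in for real cmdlet output (EXAMPLE\ names are made up).
$sample = @(
    # Owner's own entry: ignored.
    New-Object PSObject -Property @{ User = 'NT AUTHORITY\SELF'; AccessRights = 'FullAccess';
                                     IsInherited = $false; Deny = $false }
    # Inherited deny on an admin group: ignored.
    New-Object PSObject -Property @{ User = 'EXAMPLE\Domain Admins'; AccessRights = 'FullAccess';
                                     IsInherited = $true; Deny = $true }
    # Explicit FullAccess granted to an individual account: flagged.
    New-Object PSObject -Property @{ User = 'EXAMPLE\helpdesk1'; AccessRights = 'FullAccess';
                                     IsInherited = $false; Deny = $false }
    # Explicit Send-As extended right (shape of a Get-ADPermission row): flagged.
    New-Object PSObject -Property @{ User = 'EXAMPLE\svc-archive'; AccessRights = 'ExtendedRight';
                                     ExtendedRights = 'Send-As'; IsInherited = $false; Deny = $false }
)

Select-RiskyMailboxGrant -Entry $sample |
    Format-Table User, AccessRights, ExtendedRights -AutoSize

# Against a live mailbox, from the Exchange Management Shell:
# $rows  = @(Get-Mailbox '<Mailbox>' | Get-MailboxPermission)
# $rows += @(Get-Mailbox '<Mailbox>' | Get-ADPermission)
# Select-RiskyMailboxGrant -Entry $rows
```

As the thread notes, this covers mailbox-level rights only; permissions delegated on individual folders do not appear in either cmdlet's output.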
 
flaphead_comCommented:
Okay pfdavadmin will allow you to export the folder permissions for a mailbox!

http://www.microsoft.com/downloads/details.aspx?FamilyId=635BE792-D8AD-49E3-ADA4-E2422C0AB424&displaylang=en
0
 
snyperjAuthor Commented:
good enough... thanks
0
 