Solved

Can anyone in IT read my mail...?

Posted on 2008-10-31
Last Modified: 2012-08-14
Ethics and business policy aside, can they?  What I am asking is this, can anyone in our IT department, with administrative rights, easily browse user mailboxes, look at sent mail, etc?  I suspect this is happening at my company and don't know what to do about it because I think it may start with the overly paranoid MIS Manager  ("..is someone writing something bad about me or my department?, etc, etc.")

All input appreciated.

Question by:snyperj
13 Comments
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849364
Yes. It is very easy to read others' email with permissions.
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849371
They can actually add everyone's email accounts to Outlook for quick browsing. This is why you have to have faith in your Exchange Administrator. I would recommend only making a few employees an Exchange Admin. Naturally, you can do auditing...
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849382
0

 

Author Comment

by:snyperj
ID: 22849389
"Naturally, you can do auditing..."

Meaning as a company you can do auditing, right?  Not that I could do any myself to see if anyone is reading my junk?
0
 
LVL 7

Accepted Solution

by:
bcrosby007 earned 250 total points
ID: 22849400
Correct. If you read the KB at the top. You have to turn on some logging and then monitor logs. I have never seen third-party software that does this from your Outlook PC. I recommend getting an internet email account if you are worried about your company reading your personal email... They can still monitor that, but it is not quite as easy.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22849785
I had a customer where the CIO's PA had given everyone full rights to her mailbox .. doh!

Check this out: http://blogs.flaphead.dns2go.com/archive/2007/04/04/auditing-within-exchange-200x.aspx
It might help.  It is also possible to dump the permissions set to .. What version of Exchange are we talking about?
0
 

Author Comment

by:snyperj
ID: 22849805
>"What version of Exchange are we talking about?"

We just upgraded from 5.5 to 2007 last weekend
0
 
LVL 2

Expert Comment

by:nidash
ID: 22850367
If you are worried that any Tom, Dick or Harry in IT can read your emails, the short answer is no. If the user is an Exchange administrator and manages a domain controller, yes, he/she can.

All depends on how the permissions are set.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22850977
Exchange 2007 has the following predefined groups that manage Exchange configuration data:
-Exchange Organization Administrators
-Exchange Recipient Administrators
-Exchange Server Administrators
-Exchange View-Only Administrators
-Exchange Public Folder Administrators
I suppose the main rights to worry about are SendAs/ReceiveAs, and the following have an explicit deny for both:
-Domain Admin Group
-Enterprise Admin Group
-Exchange Organization Administrators
-Delegates of Exchange 2007 Server Administrator Role
So you could dump out the mailbox permissions for a user by running:

Get-Mailbox <Mailbox> | Get-ADPermission

The problem is that is just for mailbox and not delegated rights to folders :-| so an Admin could have granted rights to his/her account
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22851050
you could also try
>get-mailbox <mailbox> | Get-MailboxPermission

but you still can't see the mailbox folders' delegated permissions
0
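The two permission dumps from the comments above, combined into one report for the Exchange Management Shell. This is an added example, not code from any poster in the thread; `Get-MailboxAccessReport` is a hypothetical helper name, and `<Mailbox>` is the same placeholder used above. As the thread notes, folder-level delegate permissions are not covered by either cmdlet.

```powershell
# Added example: run inside the Exchange Management Shell.
# Get-MailboxAccessReport is a hypothetical helper, not an Exchange cmdlet.
function Get-MailboxAccessReport {
    param(
        [string]$Mailbox,           # alias, SMTP address or display name
        [switch]$IncludeInherited   # also list rights inherited from parent objects
    )

    $mbx = Get-Mailbox -Identity $Mailbox

    # Mailbox-level rights: FullAccess is what lets another account open the mailbox.
    $mbx | Get-MailboxPermission |
        Where-Object {
            ($_.AccessRights -like "*FullAccess*") -and
            ($_.User -notlike "NT AUTHORITY\SELF") -and
            ($IncludeInherited -or -not $_.IsInherited)
        } |
        Select-Object @{Name="Mailbox"; Expression={$mbx.Name}},
                      User,
                      @{Name="Right"; Expression={$_.AccessRights}},
                      Deny, IsInherited

    # Active Directory extended rights on the mailbox user: Send-As / Receive-As.
    $mbx | Get-ADPermission |
        Where-Object {
            (($_.ExtendedRights -like "*Send-As*") -or
             ($_.ExtendedRights -like "*Receive-As*")) -and
            ($_.User -notlike "NT AUTHORITY\SELF") -and
            ($IncludeInherited -or -not $_.IsInherited)
        } |
        Select-Object @{Name="Mailbox"; Expression={$mbx.Name}},
                      User,
                      @{Name="Right"; Expression={$_.ExtendedRights}},
                      Deny, IsInherited
}

# Rows with Deny = True are blocks; rows with Deny = False are grants to review.
Get-MailboxAccessReport -Mailbox "<Mailbox>" | Format-Table -AutoSize

# Add -IncludeInherited to also see entries set higher up and inherited.
Get-MailboxAccessReport -Mailbox "<Mailbox>" -IncludeInherited | Format-Table -AutoSize
```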
 
LVL 7

Assisted Solution

by:flaphead_com
flaphead_com earned 250 total points
ID: 22851291
Okay pfdavadmin will allow you to export the folder permissions for a mailbox!

http://www.microsoft.com/downloads/details.aspx?FamilyId=635BE792-D8AD-49E3-ADA4-E2422C0AB424&displaylang=en
0
 

Author Closing Comment

by:snyperj
ID: 31512013
good enough... thanks
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22851505
0
