Solved

Can anyone in IT read my mail...?

Posted on 2008-10-31
13
658 Views
Last Modified: 2012-08-14
Ethics and business policy aside, can they?  What I am asking is this, can anyone in our IT department, with administrative rights, easily browse user mailboxes, look at sent mail, etc?  I suspect this is happening at my company and don't know what to do about it because I think it may start with the overly paranoid MIS Manager  ("..is someone writing something bad about me or my department?, etc, etc.")

All input appreciated.

Question by:snyperj
13 Comments
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849364
Yes. It is very easy to read others' email with permissions.
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849371
They can actually add everyone's email accounts to Outlook for quick browsing. This is why you have to have faith in your Exchange Administrator. I would recommend only making a few employees an Exchange Admin. Naturally, you can do auditing...
0
 
LVL 7

Expert Comment

by:bcrosby007
ID: 22849382
0

 

Author Comment

by:snyperj
ID: 22849389
"Naturally, you can do auditing..."

Meaning as a company you can do auditing, right?  Not that I could do any myself to see if anyone is reading my junk?
0
 
LVL 7

Accepted Solution

by:
bcrosby007 earned 250 total points
ID: 22849400
Correct. If you read the KB at the top, you have to turn on some logging and then monitor logs. I have never seen third party software that does this from your Outlook PC. I recommend getting an internet email account if you are worried about your company reading your personal email... They can still monitor that, but it is not quite as easy.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22849785
I had a customer where the CIO's PA had given everyone full rights to her mailbox .. doh!

Check this out: http://blogs.flaphead.dns2go.com/archive/2007/04/04/auditing-within-exchange-200x.aspx
It might help.  It is also possible to dump the permissions set to .. What version of Exchange are we talking about?
0
 

Author Comment

by:snyperj
ID: 22849805
>"What version of Exchange are we talking about?"

We just upgraded from 5.5 to 2007 last weekend
0
 
LVL 2

Expert Comment

by:nidash
ID: 22850367
If you are worried that any Tom, Dick or Harry in IT can read your emails, the short answer is no. If the user is an Exchange administrator and manages a domain controller, yes, he/she can.

All depends on how the permissions are set.
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22850977
Exchange 2007 has the following predefined groups that manage Exchange configuration data:
-Exchange Organization Administrators
-Exchange Recipient Administrators
-Exchange Server Administrators
-Exchange View-Only Administrators
-Exchange Public Folder Administrators
I suppose the main rights to worry about are SendAs/ReceiveAs, and the following have an explicit deny for both:
-Domain Admin Group
-Enterprise Admin Group
-Exchange Organization Administrators
-Delegates of Exchange 2007 Server Administrator Role
So you could dump out the mailbox permissions for a user by running:

get-mailbox <Mailbox> | Get-ADPermission

The problem is that is just for mailbox and not delegated rights to folders :-| so an Admin could have granted rights to his/her account
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22851050
you could also try
>get-mailbox <mailbox> | Get-MailboxPermission

but you still can't see the mailbox folders' delegated permissions
0
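
The permission dump discussed in the comments above, as an added example that is not part of the original thread: it lists the non-deny mailbox rights, Send-As grants, and database-level Receive-As grants in one report. The function name Get-MailboxAccessReport and its Identity parameter are hypothetical; as the thread notes, folder-level delegation is not covered by these cmdlets.

```powershell
# Added example. Run in the Exchange Management Shell with an account that can
# read recipient and database configuration. The function name is hypothetical.
function Get-MailboxAccessReport {
    param([string]$Identity)   # hypothetical parameter: one mailbox; omit for all

    if ($Identity) { $mailboxes = @(Get-Mailbox -Identity $Identity) }
    else           { $mailboxes = @(Get-Mailbox -ResultSize Unlimited) }

    foreach ($mbx in $mailboxes) {
        $name = $mbx.DisplayName

        # Mailbox rights such as FullAccess. The owner's own entry (SELF) and
        # Deny entries are skipped: a Deny blocks access rather than granting it.
        Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object { -not $_.Deny -and $_.User -notlike 'NT AUTHORITY\SELF' } |
            Select-Object @{Name='Target';  Expression={$name}},
                          @{Name='Trustee'; Expression={[string]$_.User}},
                          @{Name='Right';   Expression={[string]$_.AccessRights}},
                          IsInherited

        # Send-As is an Active Directory extended right on the user object.
        Get-ADPermission -Identity $mbx.DistinguishedName |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like 'Send-As') -and
                           $_.User -notlike 'NT AUTHORITY\SELF' } |
            Select-Object @{Name='Target';  Expression={$name}},
                          @{Name='Trustee'; Expression={[string]$_.User}},
                          @{Name='Right';   Expression={'Send-As'}},
                          IsInherited
    }

    # Receive-As allowed on a mailbox database applies to every mailbox in it.
    foreach ($db in @(Get-MailboxDatabase)) {
        $dbName = [string]$db.Identity
        Get-ADPermission -Identity $db.DistinguishedName |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like 'Receive-As') } |
            Select-Object @{Name='Target';  Expression={"Database: $dbName"}},
                          @{Name='Trustee'; Expression={[string]$_.User}},
                          @{Name='Right';   Expression={'Receive-As'}},
                          IsInherited
    }
}

# Review non-inherited entries first: those were granted on the object itself.
Get-MailboxAccessReport | Sort-Object IsInherited, Target |
    Format-Table Target, Trustee, Right, IsInherited -AutoSize
```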
 
LVL 7

Assisted Solution

by:flaphead_com
flaphead_com earned 250 total points
ID: 22851291
Okay pfdavadmin will allow you to export the folder permissions for a mailbox!

http://www.microsoft.com/downloads/details.aspx?FamilyId=635BE792-D8AD-49E3-ADA4-E2422C0AB424&displaylang=en
0
 

Author Closing Comment

by:snyperj
ID: 31512013
good enough... thanks
0
 
LVL 7

Expert Comment

by:flaphead_com
ID: 22851505
0
