Exchange 2003 - Anonymous Email only account?

I know how to set up an e-mail account with delivery restrictions, etc... however, I was wondering if anyone could help me with creating an account ONLY for e-mail.

I want to set up an anonymous e-mail account for complaints/whistleblowing/suggestions, etc... that's easy enough.  However, I don't want people to use this account to log into computers.  While that probably won't happen, I'd like to make it so they can't do that [so if somebody gets fired and their account gets disabled, they can't log in with the anonymous account, etc...]

How do I go about doing this?
Asked by: wgchangprosetta

wgchangprosetta (Author) Commented:
I ended up creating an account that couldn't log on to any computers except the Exchange server, and the password can't be changed.  The only caveat is that the users have to manually delete the e-mails they send.

wgchangprosetta (Author) Commented:
What about this?

Under the account properties, I click on "Log On To..." and click the "The following computers" radio button.  I then enter in a fake computer name and click Add.  In theory, then that account will now not be able to log into any computer except the fake computer I added, which doesn't exist, so they can't log into any computer.  Is that correct?  

Also, after I add a fake computer and go back in, I can remove the fake computer I added and still click OK, which allows the "The following computers" radio button to stay filled but have a blank list.  Will that still work?

wgchangprosetta (Author) Commented:
OK, just in case anyone else is curious, deleting the computer after adding it makes it seem like a blank list will hold, but it doesn't.  You have to have some random fake name in there.  Then it works and the user can't log in to any computer in the domain.  INCLUDING the Exchange server, which then means that they can't log in to OWA to send the anonymous e-mail.

So does anyone know of a way to restrict domain login to the account except for Outlook Web Access?  Or am I asking for an impossible solution?

Thanks!
 
MrMintanet Commented:
Right click on the User name in AD Users and Computers
Click EXCHANGE TASKS

See photo.  Does this help you?
Exchange-Task-Wizard.jpg

wgchangprosetta (Author) Commented:
Sorry, I don't understand how that's supposed to help...?

Outlook Web Access is enabled, but if I don't allow the account to log in to the Exchange server, then it can't log in to OWA.

I want the account to have access to OWA, and OWA only.  I've gotten it to where the anonymous account can't log on to any computer except the Exchange server, it can't receive e-mails, and can only send e-mails to internal addresses.  I'm just wondering at this point if there's a way to have it not be able to log on to the Exchange server locally, but only through OWA.  It's kind of a moot point at this juncture, I guess, but I'm just curious now if there's a way to have a domain account have e-mail access and only e-mail access.

MrMintanet Commented:
How about forwarding the email to an external 3rd party like Gmail?  This would remove the connection you're trying to avoid.  I know that's not what you're really looking for, but at the same time, I think you are in fact asking the impossible question.

It's like asking if you can live on the moon while still on Earth.... kinda.
Really, I think it's more comparable to wanting to drive a car but without the use of an engine.  Sadly, in your case, you can't pop it in neutral and roll down a hill.  I am eager to see if this has a possible solution.

MrMintanet Commented:
Even if you lock out an account's logon, I think OWA is still active.

wgchangprosetta (Author) Commented:
Nope, I tried.  If I limit the logon to only the fake computer, I can't log on to OWA.  As soon as I add the Exchange server to the list of computers the account is authorized to log on to, I can log on to OWA.

MrMintanet Commented:
What about that 3rd party suggestion with gmail?  Would that be somewhat headed in the right area?

wgchangprosetta (Author) Commented:
Nope, that would defeat the purpose of the e-mail account.  We want people to be able to anonymously submit complaints/suggestions.  If I forwarded to a Gmail account, I would have to define who the e-mail then gets forwarded to after that.  Then the person submitting the complaint/suggestion wouldn't be able to determine who to send it to.  In some cases, they might want to send directly to their supervisor, in other cases, the CEO, or HR, etc...

MrMintanet Commented:
Have you considered writing something similar to this?
http://send-anonymous-email.com/

Mestha Commented:
No such thing as anonymous email in Exchange. All email internally is authenticated.

The method that has been suggested before is to use a web site, possibly one outside, that the users can enter the text in to and then the web page turns it in to an email and sends it to a mailbox or public folder.

By using an external web host the IP address in the logs is your corporate IP and therefore cannot be traced. If you were to use an internal server then the internal IP address would be in the logs.

Simon.

Mestha Commented:
Experts Exchange considers a "cannot be done" answer to be a valid answer. Therefore my last posting is correct. I therefore object to the question being deleted.

Simon.

MrMintanet Commented:
Or... was my post correct?  LOL

"What about that 3rd party suggestion with gmail?  Would that be somewhat headed in the right area?"

MrMintanet Commented:
When you say, "couldn't log on", you mean they can remote connect to this computer or are they using OWA still?  This is still not "anonymous".  

wgchangprosetta (Author) Commented:
They are logging on as the anonymous user.  

Mestha Commented:
That isn't an anonymous account.
It can be easily tracked who logged in to the account, where from. I certainly wouldn't dream of sending anything through that account.

Simon.
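
Added example, not part of the thread or any poster's code: the point above, that use of the shared account can be tracked, shown against IIS logs for OWA. It assumes W3C extended logging with the `c-ip` and `cs-username` fields enabled; the log lines, the account name `CORP\anon`, the addresses and the URLs are constructed.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format; the account name CORP\anon,
# the addresses and the URLs are made up for this illustration.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2009-03-02 09:14:07 10.0.4.21 - GET /exchange/ 401
2009-03-02 09:14:09 10.0.4.21 CORP\anon GET /exchange/anon/ 200
2009-03-02 09:15:40 10.0.4.21 CORP\anon POST /exchange/anon/Drafts/ 200
2009-03-02 11:02:13 10.0.7.88 CORP\jsmith GET /exchange/jsmith/ 200
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2009-03-03 16:45:51 GET /exchange/anon/ corp\ANON 10.0.9.130 200
"""


def parse_w3c(text):
    """Yield one dict per request, honouring every #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def sessions_by_client(text, account):
    """Map client IP -> timestamps of authenticated requests by `account`."""
    seen = defaultdict(list)
    for row in parse_w3c(text):
        # Unauthenticated requests are logged with "-" as the user name.
        if row.get("cs-username", "-").lower() == account.lower():
            seen[row["c-ip"]].append(f'{row["date"]} {row["time"]}')
    return dict(seen)


if __name__ == "__main__":
    for ip, times in sessions_by_client(SAMPLE_LOG, r"CORP\anon").items():
        print(ip, times)
```

Every request made under the shared account still carries the client address of the workstation it came from, whether or not anyone is currently reviewing the logs.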

MrMintanet Commented:
The IP is still tracked.  I suppose the word "anonymous" can have alternate meanings or diminished meanings depending upon legal concerns and HR policies.  

Are you having the user remote connect to the exchange server, then launching the e-mail?  I'm just curious as to your solution to the problem.  Details are very much desired.

wgchangprosetta (Author) Commented:
People are using OWA to log in to the account.  We are not tracking IP addresses at this point, because this is an anonymous e-mail account for sending complaints to the CEO, not sending OMG-Bob-is-a-terrorist-planning-to-detonate-a-nuclear-bomb type e-mails.  The comment I marked as a solution covers how I set up the account.  Can't log in to any local computers, can't receive e-mails, can only send e-mails to internal addresses, can't change the password, etc...

MrMintanet Commented:
How are you not tracking the IP addresses?  I still have no idea why you didn't get a 3rd party e-mail setup with a forwarder to your CEO...  This is really not what I'd call the ideal solution to say the least.  This is my opinion....  You should have probably gone to the company who is hosting your domain name, and set up an e-mail address using a simple forwarder.

So here's what I'd have done:

*ring* *ring*

"Hello, this is GoDaddy.  How may I help you?"

"Yes, please set up an e-mail address with webmail on my domain, 'sillyadmin.net'."

"No problem, sir.  What would you like the logon information to be?"

"Anon@sillyadmin.net should be fine."

"You're all set.  Bye."

*after the phone call*

I would then create an A Host that points to "anon.sillyadmin.net" on my domain.

I would then go to this website... http://www.thescarms.com/dotnet/Email.aspx  and use the code to compose a form/app that launches a tiny application to send e-mails with attachments using the SMTP services provided at GoDaddy.

I would then set the GoDaddy account to forward all inbound e-mail to the CEO's e-mail address.

I would then give myself a pat on the back.

wgchangprosetta (Author) Commented:
That is an option.  But this way, everything stays internal, and as I mentioned before, going the 3rd party route wasn't part of the original question.  I appreciate your input though.  

MrMintanet Commented:
Yes, but the benefit of my solution is that I didn't have to modify my active directory settings just to establish an email account that will more than likely never be used.

wgchangprosetta (Author) Commented:
The only modification I had to do was create an AD user and customize the account.  I don't see what's so bad about that?

MrMintanet Commented:
What group in AD is this account a member of?

Question has a verified solution.