Solved

Exchange 2003 - Anonymous Email only account?

Posted on 2009-03-31
26
889 Views
Last Modified: 2012-05-06
I know how to setup an an e-mail account with delivery restrictions, etc...however, I was wondering if anyone could help me with creating an account ONLY for e-mail.  

I want to setup an anonymous e-mail account for complaints/whistleblowing/suggestions, etc...that's easy enough.  However, I don't want people to use this account to log into computers.  While that probably won't happen, I'd like to make it so they can't do that [so if somebody gets fired and their account gets disabled, they can't log in with the anonymous account, etc...]

How do I go about doing this?
0
Comment
Question by:wgchangprosetta
  • 11
  • 10
  • 3
26 Comments
 

Author Comment

by:wgchangprosetta
Comment Utility
What about this?

Under the account properties, I click on "Log On To..." and click the "The following computers" radio button.  I then enter in a fake computer name and click Add.  In theory, then that account will now not be able to log into any computer except the fake computer I added, which doesn't exist, so they can't log into any computer.  Is that correct?  

Also, after I add a fake computer and go back in, I can remove the fake computer I added and still click OK, which allows the "The following computers" radio button to stay filled but have a blank list.  Will that still work?
0
 

Author Comment

by:wgchangprosetta
Comment Utility
OK, just in case anyone else is curious, deleting the computer after adding it makes it seem like a blank list will hold, but it doesn't.  You have to have some random fake name in there.  Then it works and the user can't login to any computer in the domain.  INCLUDING the Exchange server, which then means that they can't login to OWA to send the anonymous e-mail.

So does anyone know of a way to restrict domain login to the account except for Outlook Web Access?  Or am I asking for an impossible solution?

Thanks!
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
Right click on the User name in AD Users and Computers
Click EXCHANGE TASKS

See photo.  Does this help you?
Exchange-Task-Wizard.jpg
0
 

Author Comment

by:wgchangprosetta
Comment Utility
Sorry, I don't understand how that's supposed to help...?

Outlook Web Access is enabled, but if I don't allow the account to login to the Exchange server, then it can't login to OWA.  

I want the account to have access to OWA, and OWA only.  I've gotten it to where the anonymous account can't log on to any computer except the Exchange server, it can't receive e-mails, and can only send e-mails to internal addresses.  I'm just wondering at this point if there's a way to have it not be able to log on to the Exchange server locally, but only through OWA.  it's kind of a moot point at this juncture, I guess, but I'm just curious now if there's a way to have a domain account have e-mail access and only e-mail access.
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
How about forwarding the email to an external 3rd party like Gmail?  This would remove the connection you're trying to avoid.  I know that's not what you're really looking for, but at the same time, I think you are infact asking the impossible question.

It's like asking if you can live on the moon while still on Earth.... kinda.
Really, I think it's more comparable to wanting to drive a car but without the use of an engine.  Sadly, in your case, you can't pop it in neutral and roll down a hill.  I am eager to see if this is has a possible solution.
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
Even if you lockout an account's logon, I think OWA is still active.
0
 

Author Comment

by:wgchangprosetta
Comment Utility
Nope, I tried.  If I limit the logon to only the fake computer, I can't log on to OWA.  As soon as I add the Exchange server to the list of computers the account is authorized to log on to, I can log on to OWA.
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
What about that 3rd party suggestion with gmail?  Would that be somewhat headed in the right area?
0
 

Author Comment

by:wgchangprosetta
Comment Utility
Nope, that would defeat the purpose of the e-mail account.  We want people to be able to anonymously submit complaints/suggestions.  If I forwarded to a Gmail account, I would have to define who the e-mail then gets forwarded to after that.  Then the person submitting the complaint/suggestion wouldn't be able to determine who to send it to.  In some cases, they might want to send directly to their supervisor, in other cases, the CEO, or HR, etc...
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
Have you considered writing something similar to this?
http://send-anonymous-email.com/
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 250 total points
Comment Utility
No such thing as anonymous email in Exchange. All email internally is authenticated.

The method that has been suggested before is to use a web site, possibly one outside, that the users can enter the text in to and then the web page turns it in to an email and sends it to a mailbox or public folder.

By using an external web host the IP address in the logs is your corporate IP and therefore cannot be traced. If you were to use an internal server then the internal IP address would be in the logs.

Simon.
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
Experts Exchange considers a "cannot be done" answer to be a valid answer. Therefore my last posting is correct. I therefore object to the question being deleted.

Simon.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
Or... was my post correct?  LOL

"What about that 3rd party suggestion with gmail?  Would that be somewhat headed in the right area?"
0
 

Accepted Solution

by:
wgchangprosetta earned 0 total points
Comment Utility
I ended up creating an account that couldn't log on to any computers except the Exchange server, and the password can't be changed.  The only caveat is that the users have to manually delete the e-mails they send.
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
When you say, "couldn't log on", you mean they can remote connect to this computer or are they using OWA still?  This is still not "anonymous".  
0
 

Author Comment

by:wgchangprosetta
Comment Utility
They are logging on as the anonymous user.  
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
That isn't an anonymous account.
It can be easily tracked who logged in to the account, where from. I certainly wouldn't dream of sending anything through that account.

Simon.
0
 
LVL 8

Assisted Solution

by:MrMintanet
MrMintanet earned 250 total points
Comment Utility
The IP is still tracked.  I suppose the word "anonymous" can have alternate meanings or diminished meanings depending upon legal concerns and HR policies.  

Are you having the user remote connect to the exchange server, then launching the e-mail?  I'm just curious as to your solution to the problem.  Details are very much desired.
0
 

Author Comment

by:wgchangprosetta
Comment Utility
People are using OWA to login to the account.  We are not tracking IP addresses at this point, because this is an anonymous e-mail account for sending complaints to the CEO, not sending OMG-Bob-is-a-terrorist-planning-to-detonate-a-nuclear-bomb type e-mails.  The comment I marked as a solution covers how I set up the account.  Can't login to any local computers, can't receive e-mails, can only send e-mails to internal addresses, can't change the password, etc...
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
How are you not tracking the IP addresses?  I still have no idea why you didn't get a 3rd party e-mail setup with a forwarder to your CEO...  This is really not what I'd call the ideal solution to say the least.  This is my opinion....  You should have probably went to the company who is hosting your domain name, and setup an e-mail address using a simple forwarder.

So here's what I'd have done:

*ring* *ring*

"Hello, this is GoDaddy.  How may I help you?"

"Yes, please setup an e-mail address with webmail on my domain, 'sillyadmin.net'."

"No problem, sir.  What would you like the logon information to be?"

"Anon@sillyadmin.net should be fine."

"You're all set.  Bye."

*after the phone call*

I would then create an A Host that points to "anon.sillyadmin.net" on my domain.

I would then go to this website... http://www.thescarms.com/dotnet/Email.aspx  and use the code to compose a form/app that launches a tiny application to send e-mails with attachments using the SMTP services provided at GoDaddy.

I would then set the GoDaddy account to forward all inbound e-mail to the CEO's e-mail address.

I would then give myself a pat on the back.
0
 

Author Comment

by:wgchangprosetta
Comment Utility
That is an option.  But this way, everything stays internal, and as I mentioned before, going the 3rd party route wasn't part of the original question.  I appreciate your input though.  
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
Yes, but the benefit of my solution is that I didn't have to modify my active directory settings just to establish an email account that will more than likely never be used.
0
 

Author Comment

by:wgchangprosetta
Comment Utility
The only modification I had to do was create an AD user and customize the account.  I don't see what's so bad about that?
0
 
LVL 8

Expert Comment

by:MrMintanet
Comment Utility
What group in AD is this account a member of?
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

More or less everybody in the IT market understands the basics of Networking, however when we start talking about Storage Networks, things get a bit dizzier, and this is where I would like to help.
Learn about cloud computing and its benefits for small business owners.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now