Solved

How can I tell if an admin is reading other people's email in Exchange 2010?

Posted on 2010-11-10
4
1,309 Views
Last Modified: 2012-05-10
I am concerned that a fellow admin is accessing other people's email.  How can I tell for sure if this is happening?  And how is he doing it?  Thanks in advance.
0
Comment
Question by:LorrieT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 13

Assisted Solution

by:BCipollone
BCipollone earned 84 total points
ID: 34106225
He could have a forward set on their user profile that would forward the mail to another account. You can also check the permissions on the mailbox and see if there are any accounts added that should not be. Other than that if it is not being forwarded he would need to be reading the mail then marking it as unread. The only way to really know would be to see how the permissions are set on the mailboxes.

If there are trust issues there I would simply reduce his rights and not let him have access to the exchange server.
0
 
LVL 10

Expert Comment

by:Tyler Laczko
ID: 34106272
if you are using outlook you can read other ppls email by clicking

tools-> account settings
select your exchange account
change settings
more options
second tab contains add a mailbox
type the persons name in and add to your account
you can then see their mailbox in your outlook email.


to see if somebody is accessing other peoples email you can open the system manager on the mail server
drill down to mailboxes and there is a column LAST LOGGED IN BY

you would see his username there.
0
 
LVL 7

Accepted Solution

by:
Gladys Kerns earned 83 total points
ID: 34106342
You can also read someone else's mail in Exchange by enabling Journaling on the entire message store... and storing a copy of everything in an alternate box... and then filter that copy.

I've used this methodology before in Legal Discovery processes when we were pretty sure that a user was sending or getting something and then immediately doing a permanent delete.
0
 
LVL 12

Assisted Solution

by:FDiskWizard
FDiskWizard earned 83 total points
ID: 34106686
In Exchange 2003 ESM > Diagnostic logging... there was an option to log logons.
so someone opening a mailbox that isn't their's would be logged in the APP event log.
"joe user has logged into..... jane user's mailbox and is not the mailbox owner"

Have a look at this for 2010:
http://exchangeserverpro.com/managing-diagnostic-logging-with-exchange-server-2007
http://technet.microsoft.com/en-us/library/dd335139.aspx
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month9 days, 18 hours left to enroll

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question