Solved

How can I tell if an admin is reading other people's email in Exchange 2010?

Posted on 2010-11-10
4
1,302 Views
Last Modified: 2012-05-10
I am concerned that a fellow admin is accessing other people's email.  How can I tell for sure if this is happening?  And how is he doing it?  Thanks in advance.
0
Comment
Question by:LorrieT
4 Comments
 
LVL 13

Assisted Solution

by:BCipollone
BCipollone earned 84 total points
ID: 34106225
He could have a forward set on their user profile that would forward the mail to another account. You can also check the permissions on the mailbox and see if there are any accounts added that should not be. Other than that if it is not being forwarded he would need to be reading the mail then marking it as unread. The only way to really know would be to see how the permissions are set on the mailboxes.

If there are trust issues there I would simply reduce his rights and not let him have access to the exchange server.
0
 
LVL 10

Expert Comment

by:Tyler Laczko
ID: 34106272
if you are using outlook you can read other ppls email by clicking

tools-> account settings
select your exchange account
change settings
more options
second tab contains add a mailbox
type the persons name in and add to your account
you can then see their mailbox in your outlook email.


to see if somebody is accessing other peoples email you can open the system manager on the mail server
drill down to mailboxes and there is a column LAST LOGGED IN BY

you would see his username there.
0
 
LVL 7

Accepted Solution

by:
Gladys Kerns earned 83 total points
ID: 34106342
You can also read someone else's mail in Exchange by enabling Journaling on the entire message store... and storing a copy of everything in an alternate box... and then filter that copy.

I've used this methodology before in Legal Discovery processes when we were pretty sure that a user was sending or getting something and then immediately doing a permanent delete.
0
 
LVL 12

Assisted Solution

by:FDiskWizard
FDiskWizard earned 83 total points
ID: 34106686
In Exchange 2003 ESM > Diagnostic logging... there was an option to log logons.
so someone opening a mailbox that isn't their's would be logged in the APP event log.
"joe user has logged into..... jane user's mailbox and is not the mailbox owner"

Have a look at this for 2010:
http://exchangeserverpro.com/managing-diagnostic-logging-with-exchange-server-2007
http://technet.microsoft.com/en-us/library/dd335139.aspx
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now