Solved

Customer with Exchange concerned  staff are reading his mail

Posted on 2011-02-14
7
368 Views
Last Modified: 2012-05-11
I have a key client who is fairly sure that his staff are able to read his email
He changes his password every 30 days
He is using MS exchange 2003 outlook 2003
Important information has only been relayed via email between him and his boss
He is a director and his boss is the business owner. It would be very confidential information  between the two, and not shared anywhere else

Over time, again and again, general staff have been able to spread rumours  about items that have only came up in his email
There is only myself and one other person (an internal staff member) with Admin access to the server that I know of
The last time the Admin password was changed was about 6 mounts ago obviously this needs changed again

However, I need to create a list of varies ways that geranial staff or administrators could read the director's email

thank you for all your suggestions and help

robbie

 
0
Comment
Question by:IP4IT Staff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 7

Accepted Solution

by:
Cuteadder earned 84 total points
ID: 34888454
double check the directors mailbox settings...
0
 
LVL 6

Assisted Solution

by:Shack-Daddy
Shack-Daddy earned 83 total points
ID: 34888509
I personally doubt they have his password, so I'm providing some ways around that:

1. They could have delegated access to his inbox from his workstation (or any system logged on as him) at some point, and then on their own system used "Open another user's folder" and seen it that way. That would get around any password changes.

2. They could have functionally done the same thing from within Active Directory Users and Computers by giving themselves full mailbox access on his user object. In either case, I'd check there to see if any suspicious accounts are included on the permissions list.

3. They could simply have installed a VNC-like tool on his computer so that they could look over his shoulder at his mail when he has it open.

4. Again, if permissions haven't been set properly on the server, then it's possible that if a user goes to OWA and put the director's mailbox name at the end of the URL and get into the mailbox that way: https://server.domain.com/exchange/director
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 83 total points
ID: 34891221
Domain admin can add any user mailbox to their Outlook profile without any trouble.

Delegated access as stated before.

Archiving tools allow database access offline from Exchange.  Look for tools like GFI MailArchiver or any number of other off-server archiving/monitoring software.  You can delegate read permissions separate from Active Directory, so even a user-level login could read message traffic from someone not deletgated via Active Directory.

The easiest:  sit down at the computer and read it.  You'd be surprised how many C-level officers do not lock their screens, even at night.  I lock mine before I stand up from my chair, even if I'm just walking 3 steps over to the printer.

Spouse or other personal confidant(e) also has social relationship with someone in the office.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 8

Assisted Solution

by:lancecurwensville
lancecurwensville earned 166 total points
ID: 34896309
You had stated that one of the two persons changes their password every 30 days, what about the other?
Under Mail-Delivery tab for those user(s), are they the only email address listed for delivery?
Keystroke logging software and/or hardware installed on either machine.
You didn't state if they were hard-wired or wireless, if wireless, packets could be captured.
You stated that there were only two individuals with access to administrative priviledges, have you run any tools to ensure that there aren't other users with admin access or additional "backdoor admins" that have been added to AD.
0
 

Author Comment

by:IP4IT Staff
ID: 34897284
Hi lancecurwensville:

Thanks for your reply
Here are the answers to your questions

You had stated that one of the two persons changes their password every 30 days, what about the other? All users in the company change their passwords this is required by AD

You didn't state if they were hard-wired or wireless, if wireless, packets could be captured. All PC are hard-wired

You stated that there were only two individuals with access to administrative priviledges, have you run any tools to ensure that there aren't other users with admin access or additional "backdoor admins" that have been added to AD. Yes there is only one admin user account
      
Thanks
Robbie
0
 
LVL 8

Assisted Solution

by:lancecurwensville
lancecurwensville earned 166 total points
ID: 34898563
If there are no other admin access and you've locked down the administrator accnt (change password), neither of the boss's passwords are compromised.....

other areas:  
1.  Mailbox Rights (ad/user prop/exchang advanced/mailbox rights)
2.  Mail Forwarding (ad/user prop/exchang gen/deliv optio/forwarding adddress)
3.  VNC or some equivalent installed on boss's systems
4.  boss's systems have c$ enabled and people copying .pst file then restoring
0
 
LVL 2

Assisted Solution

by:cblapp
cblapp earned 84 total points
ID: 34907727
Just a low-tech possibility, but are you sure he doesn't walk away from his computer without locking it?  If he trust the screen saver password option, but it's set for 15 minutes, that's 15 minutes of unprotected access where someone could access his PC and batch copy his emails or pst to an external drive.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question