Solved

Customer with Exchange concerned  staff are reading his mail

Posted on 2011-02-14
7
361 Views
Last Modified: 2012-05-11
I have a key client who is fairly sure that his staff are able to read his email
He changes his password every 30 days
He is using MS exchange 2003 outlook 2003
Important information has only been relayed via email between him and his boss
He is a director and his boss is the business owner. It would be very confidential information  between the two, and not shared anywhere else

Over time, again and again, general staff have been able to spread rumours  about items that have only came up in his email
There is only myself and one other person (an internal staff member) with Admin access to the server that I know of
The last time the Admin password was changed was about 6 mounts ago obviously this needs changed again

However, I need to create a list of varies ways that geranial staff or administrators could read the director's email

thank you for all your suggestions and help

robbie

 
0
Comment
Question by:IP4IT Staff
7 Comments
 
LVL 7

Accepted Solution

by:
Cuteadder earned 84 total points
ID: 34888454
double check the directors mailbox settings...
0
 
LVL 6

Assisted Solution

by:Shack-Daddy
Shack-Daddy earned 83 total points
ID: 34888509
I personally doubt they have his password, so I'm providing some ways around that:

1. They could have delegated access to his inbox from his workstation (or any system logged on as him) at some point, and then on their own system used "Open another user's folder" and seen it that way. That would get around any password changes.

2. They could have functionally done the same thing from within Active Directory Users and Computers by giving themselves full mailbox access on his user object. In either case, I'd check there to see if any suspicious accounts are included on the permissions list.

3. They could simply have installed a VNC-like tool on his computer so that they could look over his shoulder at his mail when he has it open.

4. Again, if permissions haven't been set properly on the server, then it's possible that if a user goes to OWA and put the director's mailbox name at the end of the URL and get into the mailbox that way: https://server.domain.com/exchange/director
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 83 total points
ID: 34891221
Domain admin can add any user mailbox to their Outlook profile without any trouble.

Delegated access as stated before.

Archiving tools allow database access offline from Exchange.  Look for tools like GFI MailArchiver or any number of other off-server archiving/monitoring software.  You can delegate read permissions separate from Active Directory, so even a user-level login could read message traffic from someone not deletgated via Active Directory.

The easiest:  sit down at the computer and read it.  You'd be surprised how many C-level officers do not lock their screens, even at night.  I lock mine before I stand up from my chair, even if I'm just walking 3 steps over to the printer.

Spouse or other personal confidant(e) also has social relationship with someone in the office.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 8

Assisted Solution

by:lancecurwensville
lancecurwensville earned 166 total points
ID: 34896309
You had stated that one of the two persons changes their password every 30 days, what about the other?
Under Mail-Delivery tab for those user(s), are they the only email address listed for delivery?
Keystroke logging software and/or hardware installed on either machine.
You didn't state if they were hard-wired or wireless, if wireless, packets could be captured.
You stated that there were only two individuals with access to administrative priviledges, have you run any tools to ensure that there aren't other users with admin access or additional "backdoor admins" that have been added to AD.
0
 

Author Comment

by:IP4IT Staff
ID: 34897284
Hi lancecurwensville:

Thanks for your reply
Here are the answers to your questions

You had stated that one of the two persons changes their password every 30 days, what about the other? All users in the company change their passwords this is required by AD

You didn't state if they were hard-wired or wireless, if wireless, packets could be captured. All PC are hard-wired

You stated that there were only two individuals with access to administrative priviledges, have you run any tools to ensure that there aren't other users with admin access or additional "backdoor admins" that have been added to AD. Yes there is only one admin user account
      
Thanks
Robbie
0
 
LVL 8

Assisted Solution

by:lancecurwensville
lancecurwensville earned 166 total points
ID: 34898563
If there are no other admin access and you've locked down the administrator accnt (change password), neither of the boss's passwords are compromised.....

other areas:  
1.  Mailbox Rights (ad/user prop/exchang advanced/mailbox rights)
2.  Mail Forwarding (ad/user prop/exchang gen/deliv optio/forwarding adddress)
3.  VNC or some equivalent installed on boss's systems
4.  boss's systems have c$ enabled and people copying .pst file then restoring
0
 
LVL 2

Assisted Solution

by:cblapp
cblapp earned 84 total points
ID: 34907727
Just a low-tech possibility, but are you sure he doesn't walk away from his computer without locking it?  If he trust the screen saver password option, but it's set for 15 minutes, that's 15 minutes of unprotected access where someone could access his PC and batch copy his emails or pst to an external drive.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now