Solved

Customer with Exchange concerned staff are reading his mail

Posted on 2011-02-14
7
360 Views
Last Modified: 2012-05-11
I have a key client who is fairly sure that his staff are able to read his email.
He changes his password every 30 days.
He is using MS Exchange 2003 and Outlook 2003.
Important information has only been relayed via email between him and his boss.
He is a director and his boss is the business owner. It would be very confidential information between the two, and not shared anywhere else.

Over time, again and again, general staff have been able to spread rumours about items that have only come up in his email.
There is only myself and one other person (an internal staff member) with Admin access to the server that I know of.
The last time the Admin password was changed was about 6 months ago; obviously this needs changed again.

However, I need to create a list of various ways that general staff or administrators could read the director's email.

thank you for all your suggestions and help

robbie

 
Question by:IP4IT Staff
7 Comments
 
LVL 7

Accepted Solution

by:
Cuteadder earned 84 total points
ID: 34888454
Double check the director's mailbox settings...
0
 
LVL 6

Assisted Solution

by:Shack-Daddy
Shack-Daddy earned 83 total points
ID: 34888509
I personally doubt they have his password, so I'm providing some ways around that:

1. They could have delegated access to his inbox from his workstation (or any system logged on as him) at some point, and then on their own system used "Open another user's folder" and seen it that way. That would get around any password changes.

2. They could have functionally done the same thing from within Active Directory Users and Computers by giving themselves full mailbox access on his user object. In either case, I'd check there to see if any suspicious accounts are included on the permissions list.

3. They could simply have installed a VNC-like tool on his computer so that they could look over his shoulder at his mail when he has it open.

4. Again, if permissions haven't been set properly on the server, then it's possible that a user could go to OWA, put the director's mailbox name at the end of the URL, and get into the mailbox that way: https://server.domain.com/exchange/director
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 83 total points
ID: 34891221
Domain admin can add any user mailbox to their Outlook profile without any trouble.

Delegated access as stated before.

Archiving tools allow database access offline from Exchange. Look for tools like GFI MailArchiver or any number of other off-server archiving/monitoring software. You can delegate read permissions separate from Active Directory, so even a user-level login could read message traffic from someone not delegated via Active Directory.

The easiest:  sit down at the computer and read it.  You'd be surprised how many C-level officers do not lock their screens, even at night.  I lock mine before I stand up from my chair, even if I'm just walking 3 steps over to the printer.

Spouse or other personal confidant(e) also has social relationship with someone in the office.
0
 
LVL 8

Assisted Solution

by:lancecurwensville
lancecurwensville earned 166 total points
ID: 34896309
You had stated that one of the two persons changes their password every 30 days, what about the other?
Under Mail-Delivery tab for those user(s), are they the only email address listed for delivery?
Keystroke logging software and/or hardware installed on either machine.
You didn't state if they were hard-wired or wireless, if wireless, packets could be captured.
You stated that there were only two individuals with access to administrative privileges, have you run any tools to ensure that there aren't other users with admin access or additional "backdoor admins" that have been added to AD?
0
 

Author Comment

by:IP4IT Staff
ID: 34897284
Hi lancecurwensville:

Thanks for your reply
Here are the answers to your questions

You had stated that one of the two persons changes their password every 30 days, what about the other? All users in the company change their passwords; this is required by AD.

You didn't state if they were hard-wired or wireless, if wireless, packets could be captured. All PCs are hard-wired.

You stated that there were only two individuals with access to administrative privileges, have you run any tools to ensure that there aren't other users with admin access or additional "backdoor admins" that have been added to AD? Yes, there is only one admin user account.
      
Thanks
Robbie
0
 
LVL 8

Assisted Solution

by:lancecurwensville
lancecurwensville earned 166 total points
ID: 34898563
If there is no other admin access and you've locked down the administrator account (change password), neither of the boss's passwords are compromised.....

Other areas:
1.  Mailbox Rights (AD / user properties / Exchange Advanced / Mailbox Rights)
2.  Mail Forwarding (AD / user properties / Exchange General / Delivery Options / Forwarding address)
3.  VNC or some equivalent installed on boss's systems
4.  Boss's systems have c$ enabled and people copying .pst file then restoring
0
 
LVL 2

Assisted Solution

by:cblapp
cblapp earned 84 total points
ID: 34907727
Just a low-tech possibility, but are you sure he doesn't walk away from his computer without locking it? If he trusts the screen saver password option, but it's set for 15 minutes, that's 15 minutes of unprotected access where someone could access his PC and batch copy his emails or pst to an external drive.
0
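
Three of the directory-side checks raised in the answers above (a forwarding address on the director's account, delegates listed on it, and accounts with admin group membership that nobody expects) can be run offline against an LDIF export of the user objects. This is an added example, not code from any poster in the thread. It reads `altRecipient` and `publicDelegates`, the Active Directory attributes behind the forwarding address and the delegate list; the sample export, the account names and the `expected_admins` set are constructed for illustration. Mailbox Rights and folder permissions granted inside the mailbox are not covered.

```python
import base64
# Constructed sample export (hypothetical names and DNs), in LDIF text form.
SAMPLE_LDIF = """\
dn: CN=Director,OU=Staff,DC=example,DC=local
sAMAccountName: director
altRecipient: CN=Office Clerk,OU=Staff,DC=example,DC=local
publicDelegates: CN=Office Clerk,OU=Staff,DC=example,DC=local

dn: CN=Office Clerk,OU=Staff,DC=example,DC=local
sAMAccountName: clerk
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=local

dn: CN=Administrator,CN=Users,DC=example,DC=local
sAMAccountName: administrator
memberOf: CN=Domain Admins,CN=Users,
 DC=example,DC=local
"""
ADMIN_GROUPS = {"domain admins", "enterprise admins", "administrators"}

def parse_ldif(text):
    """Return one {attribute (lowercase): [values]} dict per LDIF entry."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, split
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(entries, mailbox_owner, expected_admins):
    """Flag forwarding/delegates on the owner and unexpected admins (direct memberOf only)."""
    findings = []
    for e in entries:
        sam = e.get("samaccountname", ["?"])[0].lower()
        if sam == mailbox_owner:
            findings += [("forwarding", dn) for dn in e.get("altrecipient", [])]
            findings += [("delegate", dn) for dn in e.get("publicdelegates", [])]
        groups = {g.split(",", 1)[0].partition("=")[2].lower()
                  for g in e.get("memberof", [])}
        if groups & ADMIN_GROUPS and sam not in expected_admins:
            findings.append(("unexpected-admin", sam))
    return findings

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF), "director", {"administrator"}))
```

Nested group membership and an account's primary group do not appear in `memberOf`, so an empty result here does not rule out an extra admin.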
