• Status: Solved
  • Priority: Medium
  • Security: Public

Customer with Exchange concerned staff are reading his mail

I have a key client who is fairly sure that his staff are able to read his email.
He changes his password every 30 days.
He is using MS Exchange 2003 and Outlook 2003.
Important information has only been relayed via email between him and his boss.
He is a director and his boss is the business owner. It would be very confidential information between the two, and not shared anywhere else.

Over time, again and again, general staff have been able to spread rumours about items that have only come up in his email.
There is only myself and one other person (an internal staff member) with Admin access to the server that I know of.
The last time the Admin password was changed was about 6 months ago; obviously this needs to be changed again.

However, I need to create a list of various ways that general staff or administrators could read the director's email.

Thank you for all your suggestions and help.

Robbie

 
0
Asked by: IP4IT Staff
 
Cuteadder Commented:
Double-check the director's mailbox settings...
0
 
Shack-Daddy Commented:
I personally doubt they have his password, so I'm providing some ways around that:

1. They could have delegated access to his inbox from his workstation (or any system logged on as him) at some point, and then on their own system used "Open another user's folder" and seen it that way. That would get around any password changes.

2. They could have functionally done the same thing from within Active Directory Users and Computers by giving themselves full mailbox access on his user object. In either case, I'd check there to see if any suspicious accounts are included on the permissions list.

3. They could simply have installed a VNC-like tool on his computer so that they could look over his shoulder at his mail when he has it open.

4. Again, if permissions haven't been set properly on the server, then it's possible that a user could go to OWA, put the director's mailbox name at the end of the URL, and get into the mailbox that way: https://server.domain.com/exchange/director
0
 
aleghart Commented:
Domain admin can add any user mailbox to their Outlook profile without any trouble.

Delegated access as stated before.

Archiving tools allow database access offline from Exchange.  Look for tools like GFI MailArchiver or any number of other off-server archiving/monitoring software.  You can delegate read permissions separate from Active Directory, so even a user-level login could read message traffic from someone not delegated via Active Directory.

The easiest:  sit down at the computer and read it.  You'd be surprised how many C-level officers do not lock their screens, even at night.  I lock mine before I stand up from my chair, even if I'm just walking 3 steps over to the printer.

Spouse or other personal confidant(e) also has social relationship with someone in the office.
0
 
lancecurwensville Commented:
You had stated that one of the two persons changes their password every 30 days, what about the other?
Under Mail-Delivery tab for those user(s), are they the only email address listed for delivery?
Keystroke logging software and/or hardware installed on either machine.
You didn't state if they were hard-wired or wireless, if wireless, packets could be captured.
You stated that there were only two individuals with access to administrative privileges; have you run any tools to ensure that there aren't other users with admin access or additional "backdoor admins" that have been added to AD?
0
 
IP4IT Staff (Author) Commented:
Hi lancecurwensville:

Thanks for your reply
Here are the answers to your questions

You had stated that one of the two persons changes their password every 30 days, what about the other? All users in the company change their passwords; this is required by AD.

You didn't state if they were hard-wired or wireless, if wireless, packets could be captured. All PCs are hard-wired.

You stated that there were only two individuals with access to administrative privileges, have you run any tools to ensure that there aren't other users with admin access or additional "backdoor admins" that have been added to AD. Yes, there is only one admin user account.

Thanks
Robbie
0
 
lancecurwensville Commented:
If there is no other admin access and you've locked down the administrator account (change password), neither of the boss's passwords are compromised.....

Other areas:
1.  Mailbox Rights (AD / user properties / Exchange Advanced / Mailbox Rights)
2.  Mail Forwarding (AD / user properties / Exchange General / Delivery Options / Forwarding address)
3.  VNC or some equivalent installed on the boss's systems
4.  The boss's systems have c$ enabled and people are copying the .pst file and then restoring it
0
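
A read-only way to run the Active Directory checks from the list above (forwarding address, delegates, mailbox rights, extra admin accounts) in one pass. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later on a domain-joined machine, domain controllers at Windows Server 2003 SP2 or later (needed for the nested-membership filter), and `director` as a placeholder account name.

```powershell
# Added example: read-only audit of one mailbox-enabled user in Active Directory.
$sam = 'director'    # placeholder account name (assumption)

$s = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$sam))"
$r = $s.FindOne()
if (-not $r) { throw "No user with sAMAccountName '$sam' found" }
$p = $r.Properties   # attribute names are stored in lower case

# 1. Forwarding address (Exchange General > Delivery Options)
if ($p.Contains('altrecipient')) {
    $keep = 'not set'
    if ($p.Contains('deliverandredirect')) { $keep = $p['deliverandredirect'][0] }
    "FORWARDING: to $($p['altrecipient'][0]) (deliver to both: $keep)"
}

# 2. Delegates holding "send on behalf of" for this mailbox
if ($p.Contains('publicdelegates')) {
    foreach ($d in $p['publicdelegates']) { "DELEGATE: $d" }
}

# 3. Explicit mailbox rights: allow ACEs with "Full mailbox access" (mask bit 0x1)
if ($p.Contains('msexchmailboxsecuritydescriptor')) {
    $bytes = [byte[]]$p['msexchmailboxsecuritydescriptor'][0]
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace.AceType -eq 'AccessAllowed' -and ($ace.AccessMask -band 0x1)) {
            $sid = $ace.SecurityIdentifier
            try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $who = $sid.Value }   # SID no longer resolves to an account
            "FULL ACCESS: $who"
        }
    }
}

# 4. Users that are direct or nested members of the built-in admin groups
foreach ($g in 'Domain Admins', 'Enterprise Admins', 'Administrators') {
    $gr = ([adsisearcher]"(&(objectClass=group)(sAMAccountName=$g))").FindOne()
    if (-not $gr) { continue }   # e.g. Enterprise Admins lives in the forest root domain
    $dn = $gr.Properties['distinguishedname'][0]
    $ms = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$dn))"
    $ms.PageSize = 500
    foreach ($m in $ms.FindAll()) { "ADMIN ($g): $($m.Properties['samaccountname'][0])" }
}
```

`NT AUTHORITY\SELF` is expected in the full-access output; any other named account there, any forwarding address, or any unexpected admin-group member is worth following up. Folder permissions granted from inside Outlook are stored in the mailbox itself and do not appear in these attributes, so they still need to be checked from the director's Outlook profile.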
 
cblapp Commented:
Just a low-tech possibility, but are you sure he doesn't walk away from his computer without locking it?  If he trusts the screen saver password option, but it's set for 15 minutes, that's 15 minutes of unprotected access where someone could access his PC and batch copy his emails or pst to an external drive.
0
