Solved

Rogue admin access to mail via Exchange 2007

Posted on 2012-03-09
Last Modified: 2012-03-28
What can we do to secure our email so that a rogue Domain Admin can't read it?

Obviously he can't copy our PST files over the network while we have Outlook open, or while our laptops aren't on the network.  Can he download our mail from the Exchange server?  We are also Domain Admins and he doesn't have our logins.  If he changed them, we would obviously know.  

So can he download and read our mail from the server without us knowing?  If so, how can we secure our mail, or at least know if he has accessed it?

And please don't say something stupid like "don't make him domain admin" or "fire him."  These are not options right now.  

Thanks for your help.
Question by:readymade
Expert Comment

by:DGM87
ID: 37704117
Is there a way you can restrict his network access?  What server/network setup are you currently using?  Usually we just limit permissions in this case until one of the two "unspeakables" above becomes a viable choice.

Author Comment

by:readymade
ID: 37705377
Like I said, that's not an option right now.

Assisted Solution

by:apache09
ID: 37707638
Unfortunately, as they are a domain admin, there is virtually nothing you can do.

If there are particular individuals of concern here, you could go into their AD account, open their Mailbox Rights, and find the Domain Admin entry.

Here you can restrict the domain admins' access to the entire mailbox by choosing Deny.

Unfortunately, this will also deny access to all other domain admins.

And it's likely that if this domain admin is accessing the mailbox for any particular reason, they will check this setting.

If they find their access has been denied, all they need to do is reinstate it, as they are the domain admin.

What I would do, if this person is suspected of unauthorized access to mailboxes:
Have a look on the Exchange server.
Look at the mailboxes in the mailbox store.

Here you should find the mailbox info/details as well as "Last Logon By":

If the person in question is accessing the mailboxes, you will see their account name listed here.

Take a screenshot, and make a good record of the number of times accessed and the individual users accessed.

Then take this info to HR to deal with accordingly, as they wouldn't be able to do anything without proof anyhow.

Note this would only work as long as the user was not using a generic admin account like
Administrator, Admin, DomainAdmin, System, etc.

They will need to be accessing the account under their personal login username, which is a member of the Domain Admin group.
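
The two checks described in this answer (the "last logon by" value and the Mailbox Rights entries) can also be read from the Exchange Management Shell on Exchange 2007. This is an added example, not part of the original post; the function names are hypothetical, and it assumes an account permitted to run `Get-Mailbox`, `Get-MailboxStatistics` and `Get-MailboxPermission`.

```powershell
# Added example, not from the thread. Run inside the Exchange Management Shell.
# Function names are hypothetical; the three Exchange cmdlets ship with Exchange 2007.

# Check 1: mailboxes whose most recent logon came from an account other than
# the mailbox owner. Service accounts (backup, antivirus, mobile gateways)
# will appear here too and need to be ruled out by hand.
function Get-ForeignLastLogon {
    Get-Mailbox -ResultSize Unlimited | ForEach-Object {
        $owner = $_.SamAccountName
        $stat  = Get-MailboxStatistics -Identity $_.Identity
        if ($stat -and $stat.LastLoggedOnUserAccount) {
            # The value is reported as DOMAIN\account; compare the account part.
            $who = $stat.LastLoggedOnUserAccount.ToString().Split('\')[-1]
            if ($who -ne $owner) {
                $stat | Select-Object DisplayName, LastLoggedOnUserAccount, LastLogonTime
            }
        }
    }
}

# Check 2: FullAccess entries that were granted directly on a mailbox rather
# than inherited from the store or organization. The owner's own SELF entry
# and Deny entries are skipped.
function Get-ExplicitFullAccess {
    Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission |
        Where-Object {
            ($_.AccessRights -like '*FullAccess*') -and
            (-not $_.IsInherited) -and
            (-not $_.Deny) -and
            ($_.User.ToString() -ne 'NT AUTHORITY\SELF')
        } |
        Select-Object Identity, User, AccessRights
}

# Print both reports; pipe either one to Export-Csv to keep a dated record.
Get-ForeignLastLogon   | Format-Table -AutoSize
Get-ExplicitFullAccess | Format-Table -AutoSize
```

Both reports are point-in-time: a permission that is granted and then removed between two runs will not appear in the second check, and the first check only records the most recent logon per mailbox.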

Author Comment

by:readymade
ID: 37708242
That's good info man.  I will check that.  Question though... can he download mail from the server without knowing the person's login?  The person's mail he is possibly accessing is also a domain admin.  

I guess he could quickly give himself full access to that mailbox, download it, then uncheck that.  Hmmmm.

Author Comment

by:readymade
ID: 37716922
How do I look at the mailboxes in the mailbox store?  I can view them on the management console but it doesn't show this info.  I'm on Exchange 2007.  Thanks!

Also, would they be able to access his mail without his login?  Is there a way for a domain admin to just download the pst or ost from the server without the other person's login, and view the mail?  

thanks

Author Comment

by:readymade
ID: 37745423
Bump.  Can an admin use the Queue Viewer to stop emails from certain addresses, read them, then send them on?  

Any other way an admin could read somebody else's mail without knowing their domain login?  

thanks!

Accepted Solution

by:apache09
ID: 37745440
If they are a domain admin, it's likely they are an Exchange admin.

As a result they don't need other users' logon info for the domain.

All they need to do is go into the mail settings on their computer.
Create a new Outlook profile, enter the Exchange server name.
Enter the user's AD ID.

Outlook will then load as that user.
In such instances you wouldn't know if the admin has accessed it, as it would show as the user accessing it.


Look, at the end of the day, there's really nothing you can do about this until officially sorted.

If you and the other admins are concerned about this admin with unauthorized access to your mailboxes, you need to do three things:

1 - Use your mail only for work purposes.
Make sure there is nothing dodgy in your mailbox, and anything the suspected admin would be interested in.

2 - If there is info in your mailbox you don't want the admin to see,
you need to move it into a PST, W/Password.

For extra security you then move that PST onto a removable media device.

Preferably, insert the USB drive first.
Then create a PST directly on it from Outlook.
Then save your emails into the PST.

If you create it on your local system first or on a network drive, there is a possibility it can be recovered via various backup and data recovery processes.

3 - Make sure it's being reported to HR and HR is following up on the issue.

Now if I didn't know better myself here:

From the line of questioning above, and the actions being taken to limit a Domain Admin's access to one's work email...

I have to admit, I'm starting to feel like this "Dodgy Admin" might just be you.

Author Comment

by:readymade
ID: 37745463
Good one....  I'm new at the company and I've not used Exchange much before.  The boss is also new and knows nothing about Exchange.  However this other person always seems to know about things he isn't copied on.  He has info on projects he isn't involved in and he shares it with other departments to align himself with them.  It's pathetic actually.  If he is doing it, I would love to find a way to catch him.