readymade
asked on
Rogue admin access to mail via Exchange 2007
What can we do to secure our email so that a rogue Domain Admin can't read it?
Obviously he can't copy our PST files over the network while we have Outlook open, or while our laptops aren't on the network. Can he download our mail from the Exchange server? We are also Domain Admins and he doesn't have our logins. If he changed them, we would obviously know.
So can he download and read our mail from the server without us knowing? If so, how can we secure our mail, or at least know if he has accessed it?
And please don't say something stupid like "don't make him domain admin" or "fire him." These are not options right now.
Thanks for your help.
Obviously he can't copy our PST files over the network while we have Outlook open, or while our laptops aren't on the network. Can he download our mail from the Exchange server? We are also Domain Admins and he doesn't have our logins. If he changed them, we would obviously know.
So can he download and read our mail from the server without us knowing? If so, how can we secure our mail, or at least know if he has accessed it?
And please don't say something stupid like "don't make him domain admin" or "fire him." These are not options right now.
Thanks for your help.
Is there a way you can restrict his network access? What server/network setup are you currently using? Usually we just limit permissions in this case until one of the two "unspeakables" above become a viable choice.
ASKER
Like I said, that's not an option right now.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thats good info man. I will check that. Question though... can he download mail from the server without knowing the person's login? The person's mail he is possibly accessing is also a domain admin.
I guess he could quickly give himself full access to that mailbox, download it, then uncheck that. Hmmmm.
I guess he could quickly give himself full access to that mailbox, download it, then uncheck that. Hmmmm.
ASKER
How do I look at the mailboxes in the mailbox store? I can view them on the management console but it doesn't show this info. I'm on Exchange 2007. Thanks!
Also, would they be able to access his mail without his login? Is there a way for a domain admin to just download the pst or ost from the server without the other person's login, and view the mail?
thanks
Also, would they be able to access his mail without his login? Is there a way for a domain admin to just download the pst or ost from the server without the other person's login, and view the mail?
thanks
ASKER
Bump. Can an admin use the Queue Viewer to stop emails from certain addresses, read them, then send them on?
Any other way an admin could read somebody elses mail without knowing their domain login?
thanks!
Any other way an admin could read somebody elses mail without knowing their domain login?
thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Good one.... I'm new at the company and i've not used Exchange much before. The boss is also new and knows nothing about exchange. However this other person always seems to know about things he isn't copied on. He has info on projects he isn't involved in and he shares it with other departments to align himself with them. It's pathetic actually. If he is doing it, I would love to find a way to catch him.