stop users from deleting or archiving emails (exchange 2003)

That looks useful, but seems to be for the entire mail store.
With 60 users and 2GB each, things will slow down.

I really only want to do this for the user that is leaving from a certain date till the day they leave.

Thoughts?

Depending on Exchange's 2003 version (or edition) you might be able to create a new store, move the user's mailbox to this newly created store, set Journaling on this store only.
Please post Exchange's 2003 edition: Standard, Enterprise, bundled with SBS 2003.

Standard  - Version 6.5 (Build 7638.2: Service Pack 2)
Can't seem to create and additional mail store

Set Message Retention. With it, even deleted mails are kept for "X" days.
After the user left, set it back to previous value.

Our retention is set to 10 days already.
This might be the only solution for capturing outbound emails.

It won't do jack if the user knows to shift-delete or archive's their mailbox to a PST stored on a flash drive or something.

Before asking this question on EE, I was doing to take an export of the full account (from when we are notified that they are leaving), turn on auto-forwarding to another mailbox (sending to the original mailbox ticked), but then had the dilemma of outbound emails.
I had forgot about the mail retention.

Is there anything else that we could try?

I really would give Journaling a chance. Journaling will not slow down but will need some space. Check your free HDD space AND free Exchange's DB space (it is limited to 75GB at best). If you run Journaling for a limited number of weeks (even a couple of months) you shouldn't have space issues.

Journaling is the best and most complete approach in your scenario.

Any other solution is not as complete as Journaling or involves costly 3rd party software that you might find very difficult to obtain and configure since Exchange 2003 is old and unsupported.

Message retention is the best option.  The user could have the perception of being able to delete but in the background, the erased messages are kept.  Once the employee leaves, you could unerase all the erased messages.   My only concern is what does your HR say about this.  There are many privacy issues with regards to email and in order to be able to do it, you may need to inform the users ahead of time about the policy.

In regards to HR, we have a very strict intellectual property and resources policy that the employee signs when they start.  Any breach of that is grounds for instant dismissal or legal action.
The use of Outlook, Exchange and internet services provided by the firm (yes, we are a law firm) for transmission of company data for personal use is against our intellectual property and resources policy.

So if I install the journaling, it can be enabled and disabled at will?  If so, then we'd only enable it when we learn the employee is leaving.

We have the storage, but the exchange DB is pretty darn full, so maybe it won't be an option.  But I want to know what the options are so I can discuss with the MD.

Journaling can be set and unset when you want. Once set, it will capture all mail traffic in the store (by all users hosted by that store) including sent and receive, internal and external.

In order to understand your Exchange's DB size sum priv1.edb and priv1.stm (default names - your names might be different) file's sizes.
Also consider "MSExchangeIS Mailbox Store" event ID 1221 in the Application Log. This tells you how much space can be freed.

Please post the sum of the 2 files and the size report by event 1221.

If your DB is getting large, what you should consider is creating a second DB for migrate some users to that.  Create a DB for journaling only and move mailboxes that needs to be journaling to that DB.

It is a good idea to distribute users across multiple databases in an event there is an issue with one database and you affect some users and not all.  Also note that repairs/diagnostics on a very large database can be extremely time consuming.

Sembee is absolutely correct but at least they could see what was deleted in the last little while.  We have implemented Symantec Enterprise Vault and have enabled policy where users cannot create PST files.  With Enterprise Vault you could setup journaling for selected users regardless of DB they are in as well as you could keep your DBs small by implementing archiving where attachments will be stripped from email and stored in vault based on mailbox size, date, etc.

Journaling looks to be the solution, but I cannot be bothered configuring it until we have made a decision on the future of our exchange server.
I've told them that it cannot be done without significant cost and downtime to upgrade to a newer exchange version or a sizable performance cut and data storage usage.
They'd put it on hold until we determine whether to go to Exchange 2011 or a hosted exchange solution.

Thanks for the support guys

If you have been told there will be downtime to move to a new version of Exchange then you need to get better advice. It is perfectly possible to move to a new version of Exchange with zero downtime - I know because I do so three or four times a month.

No Exchange 2011 - either Exchange 2010 or 2013.

Simon.