Exchange Admin inappropriately reading user email?

Ron

Oct 24, 2007, 11:39:01 AM
I'm a net admin at a medium size company. Unlike a lot of places, we
actually have a policy that says users' email are private and that we'll only
read them if absolutely necessary.

Unfortunately, my boss believes one of the Exchange admins is reading
people's emails from his desktop.

Does anyone know if there's an easy way to check and see if he's attaching
to other users' inboxes through Outlook? His account has access to
everyone's mail, of course. Is there a security audit we can turn on or
anything like that to track this kind of thing?

I'm only an Exchange admin backup, so it's not my primary area of
responsibility. At the least, I'd like to find something to put my boss's
suspicious mind to rest.

Thanks for any help,

Ron

Susan

Oct 24, 2007, 11:53:43 AM
why does this admin have access to everyone's mail? that's not required to
manage Exchange...he would need full mailbox access permission to all
mailboxes for that...you should be able to see if he has that right, and
where it was granted...

--
Susan Conkey [MVP]

"Ron" <R...@discussions.microsoft.com> wrote in message
news:BAD3FDCE-7F81-43BE...@microsoft.com...

Mark Arnold [MVP]

Oct 24, 2007, 11:57:35 AM
On Wed, 24 Oct 2007 08:39:01 -0700, Ron
<R...@discussions.microsoft.com> wrote:

>I'm a net admin at a medium size company. Unlike a lot of places, we
>actually have a policy that says users' email are private and that we'll only
>read them if absolutely necessary.

What, absolutely necessary as in like suspending Posse Comitatus
necessary?

>
>Unfortunately, my boss believes one of the Exchange admins is reading
>people's emails from his desktop.
>
>Does anyone know if there's an easy way to check and see if he's attaching
>to other users' inboxes through Outlook? His account has access to
>everyone's mail, of course. Is there a security audit we can turn on or
>anything like that to track this kind of thing?
>
>I'm only an Exchange admin backup, so it's not my primary area of
>responsibility. At the least, I'd like to find something to put my boss's
>suspicious mind to rest.
>
>Thanks for any help,
>
>Ron

None that your Exchange admin won't be covering his tracks with. If
you only climb into people's mailboxes when necessary your Exchange
admin shouldn't have the rights to get in. No account has, by default,
the right to get into a mailbox so just have your manager demand that
you implement a bit of security and take the rights away.

If your manager won't do that he hasn't a leg to stand on and they
deserve all the intrusion they get.

Ron

Oct 24, 2007, 12:11:04 PM
(I had trouble posting my first reply so this might be a repeat. Sorry, if
so.)

I just checked, and all the Exchange Admins have full rights over everyone's
mailboxes. This is probably just the way they set things up. I
don't know their logic for doing that, since it predates my tenure here. It
sounds like it's not a good thing to do, given our policy.

I could suggest the privilege change to my boss, but that doesn't address
the original question. He's still going to want to know if it's possible to
see if this guy or any of the other Exchange admins have been accessing other
users' mailboxes. Do you know if there's a way to do that?

Thanks

Ron

Oct 24, 2007, 12:16:01 PM
Okay. Just read this. I got it. There's no way of checking. Too bad, but
I'll recommend the privilege change. Sounds like our Exchange Admins have
given themselves a lot more access than they need.

Thanks

John Fullbright

Oct 24, 2007, 12:37:12 PM
Neil outlined a way to check a while back, it's a bit complicated.

http://www.msexchange.org/tutorials/Auditing-Mailbox-Access-Exchange-System-Manager-Event-Viewer.html

If you're in a situation where your manager can't trust your exchange admin
then:

a. Get a new exchange admin
b. Have the manager undergo a psychological evaluation and address any
potential paranoid delusional disorders.

or

c. All of the above.

"Ron" <R...@discussions.microsoft.com> wrote in message

news:32F9C1A9-08BA-4DD5...@microsoft.com...
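
Triage for the kind of mailbox logon events that the auditing approach linked above writes to the event log, as an added example that is not part of the original thread or the linked article. The export format, the event ID and message wording, the `svc-backup` service account and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed export format: "timestamp|event id|message", one event per line.
# Message wording is modelled on Exchange 2003 store logon auditing events
# (event ID 1016 is assumed); every line below is constructed sample data.
SAMPLE_EVENTS = r"""
2007-10-22 09:14:02|1016|Windows 2000 User CORP\exadmin1 logged on to jsmith@example.com mailbox, and is not the primary Windows 2000 account on this mailbox.
2007-10-22 09:20:41|1016|Windows 2000 User CORP\svc-backup logged on to jsmith@example.com mailbox, and is not the primary Windows 2000 account on this mailbox.
2007-10-22 09:20:43|1016|Windows 2000 User CORP\svc-backup logged on to mlee@example.com mailbox, and is not the primary Windows 2000 account on this mailbox.
2007-10-22 17:52:10|1016|Windows 2000 User CORP\exadmin1 logged on to mlee@example.com mailbox, and is not the primary Windows 2000 account on this mailbox.
2007-10-23 08:03:55|1016|Windows 2000 User CORP\exadmin2 logged on to mlee@example.com mailbox, and is not the primary Windows 2000 account on this mailbox.
2007-10-23 18:40:19|1016|Windows 2000 User CORP\exadmin1 logged on to JSmith@example.com mailbox, and is not the primary Windows 2000 account on this mailbox.
-- end of export --
"""

# Matches only logons by an account that is not the mailbox owner.
LOGON_RE = re.compile(
    r"User (?P<account>\S+) logged on to (?P<mailbox>\S+) mailbox, "
    r"and is not the primary", re.IGNORECASE)

# Hypothetical service accounts that legitimately open many mailboxes.
SERVICE_ACCOUNTS = {"corp\\svc-backup"}

def foreign_logons(export, ignore=SERVICE_ACCOUNTS):
    """Map each non-owner account to {mailbox: [timestamps]}."""
    seen = defaultdict(lambda: defaultdict(list))
    for line in export.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:          # skip blank or malformed lines
            continue
        stamp, _event_id, message = parts
        m = LOGON_RE.search(message)
        if not m or m["account"].lower() in ignore:
            continue
        # Mailbox addresses are case-insensitive, so normalise before counting.
        seen[m["account"]][m["mailbox"].lower()].append(stamp)
    return seen

def accounts_to_review(export, min_mailboxes=2):
    """Accounts that opened at least min_mailboxes distinct mailboxes they do not own."""
    return {acct: sorted(boxes)
            for acct, boxes in foreign_logons(export).items()
            if len(boxes) >= min_mailboxes}

if __name__ == "__main__":
    for acct, boxes in accounts_to_review(SAMPLE_EVENTS).items():
        print(acct, "->", ", ".join(boxes))
```
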

Ron

Oct 24, 2007, 12:52:01 PM
LOL. I actually think he has a good reason to be concerned about this
individual, though.
- r

Susan

Oct 24, 2007, 1:28:02 PM
hahaha...I like that..."a." gets my vote...if there's real reason to suspect
you cannot trust that person...

--
Susan Conkey [MVP]

"John Fullbright" <fjohn@donotspamnetappdotcom> wrote in message
news:uOwUiwlF...@TK2MSFTNGP02.phx.gbl...

Todd Richards

Oct 24, 2007, 3:15:39 PM
Sometimes my boss needs access to mailboxes when the user is out of the
office.
As the Exchange Admin, I have given myself admin rights to all mail boxes
for this purpose.
Am I a bad person? Is there another way I should approach this problem when
the boss calls?

"Susan" <sco...@mgmmirage.nospam.com> wrote in message
news:u4f3OYl...@TK2MSFTNGP04.phx.gbl...

John Fullbright

Oct 24, 2007, 3:48:28 PM
Then the answer is A. Without knowing the dynamics of the personalities
involved all I can do is spell out all the options.


"Ron" <R...@discussions.microsoft.com> wrote in message

news:020A3DB0-1285-4F21...@microsoft.com...

Susan

Oct 24, 2007, 3:53:21 PM
why is it that you need this full access? I just said it's needed for
normal management of Exchange...it's not "bad", per se, but as you see
yourself, subject to abuse when granted to the wrong person...

--
Susan Conkey [MVP]

"Todd Richards" <rich...@bridgefarmer.com> wrote in message
news:D78A3B69-2A9B-4938...@microsoft.com...

John Fullbright

Oct 24, 2007, 5:28:55 PM
If you can't trust your admin, then you need a new admin (someone you can
trust). In the end that's what it comes down to; trust.


"Susan" <sco...@mgmmirage.nospam.com> wrote in message

news:%23EiP8Mm...@TK2MSFTNGP04.phx.gbl...

Susan

Oct 24, 2007, 5:57:57 PM
agreed...you definitely need someone trustworthy in that role...

--
Susan Conkey [MVP]

"John Fullbright" <fjohn@donotspamnetappdotcom> wrote in message

news:%23cjpiTo...@TK2MSFTNGP06.phx.gbl...

Leythos

Oct 24, 2007, 8:15:31 PM
In article <BAD3FDCE-7F81-43BE...@microsoft.com>,
R...@discussions.microsoft.com says...

In the USA the company owns the email and may read it without notice at
any time - but you already know this.

As for detecting it, no, there is no simple means to detect it - fire
the IT Admin if you don't trust him. If his reading email is a concern
then what about all the data he has access to?

We monitor emails based on the user and key words and number of emails
in/out - we've caught a lot of idiots doing a lot of personal business
and even two that were working with the competition using this method.

If you don't trust your admin your only real solution is to fire that
person.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam9...@rrohio.com (remove 999 for proper email address)

Todd Richards

Oct 25, 2007, 11:14:09 AM
I don't know that I need Full access unless this is the only way to comply
with my boss' request for access to a user's e-mail.
What do other admins do in a case like this?

"Susan" <sco...@mgmmirage.nospam.com> wrote in message

news:%23l1bIen...@TK2MSFTNGP06.phx.gbl...

Susan

Oct 25, 2007, 11:19:07 AM
How often and why would you need access to a user's mailbox? that doesn't
normally occur very frequently...when I have to grab a copy of a user's
mailbox for any reason, I just use exmerge...I have a special account
configured to run exmerge with, and I use it only for that purpose...

--
Susan Conkey [MVP]

"Todd Richards" <rich...@bridgefarmer.com> wrote in message

news:7EE63DD9-993C-41E4...@microsoft.com...

KevinS

Jul 28, 2008, 2:34:20 PM
Definitely don't want anyone here on my jury.

Nothing I have read shows any proof that the admin is reading the mail.
What is the suspicion based on? Emails going from unread to read and back?

I'm facing the same situation with a suspected admin but I would like to
know for sure before I possibly ruin someone's career.

Lanwench [MVP - Exchange]

Jul 28, 2008, 2:51:03 PM
KevinS <Kev...@discussions.microsoft.com> wrote:
> Definitely don't want anyone here on my jury.

Sure you do. We're admins ourselves. We have no reason to smite someone
summarily.

>
> Nothing I have read shows any proof that the admin is reading the
> mail. What is the suspicion based on?

That it has been known to happen, and the boss of the company believes it is
happening, and it is certainly well within an admin's power to do so.

> Emails going from unread to
> read and back?
>
> I'm facing the same situation with a suspected admin but I would like
> to know for sure before I possibly ruin someone's career.

You can never know for sure unless you have a nanny-cam on the admin all the
time. You can review auditing logs, etc., but ultimately it comes down to
