Help secure Exchange with Encrypting File System

Just as important is the requirement to make sure that nefarious people cannot get into your server and read your users' e-mail. Some of these e-mails could contain company confidential information, especially given the fact that most users will not be aware of the need to secure confidential information in their e-mail messages.

So how do you go about handling such problems? One way, suggested in an article by Kent Joshi at InformIT, is to use the Encrypting File System (EFS) for your e-mail message store.

Exchange administrators can invoke EFS on the server. You then right click on the file you want protected, and then follow the wizards to set EFS in place. Once that's done, a user can even grant access to his mailbox to another user, or the administrator can do so, and that second person will be unable to read mail that the user has encrypted from his Outlook client.

You will also want to ensure that access to the Exchange server is controlled, so that rogue persons cannot get into the server and alter settings. You can do this with a Group Policy Object (GPO), specifying which groups of users are allowed to access the server itself.

But there's one thing that many people might forget, and that is to ensure that the GPOs themselves are secured with an access control list. If someone can get into your GPOs and alter them, they could give themselves access to your entire network setup. So make sure you use restrictive Access Control Lists that will not allow just anyone to view or edit them.

David Gabel has been testing and writing about computers for 25 years.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Exchange Security Tips Why you should secure Exchange 2007 using administrative policies Microsoft Exchange Server security dos and don'ts Create a journal rule in Exchange 2007 to secure journaling mailboxes How to protect an Exchange journaling mailbox from email spoofing Lock down Microsoft Outlook 2007 to prevent .PST file access Using Exchange Server journaling as an email-archiving solution Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Why are .PST files a security threat to Exchange Server mailboxes? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks Email Encryption How to protect an Exchange journaling mailbox from email spoofing Using Exchange Server journaling as an email-archiving solution Deploying ISA Server as a firewall for Exchange Server mobile devices How to set up an SSL certificate to encrypt OWA and ActiveSync traffic SecureZip improves encryption for Microsoft Outlook A Microsoft Outlook email security tutorial -- 8 tips in 8 minutes Zip and encrypt Microsoft Outlook email attachments Microsoft Outlook email encryption simplified Microsoft repackages e-mail hosting service Time lag opening and sending encrypted e-mails Microsoft Exchange Server Permissions Restrict access to Outlook Web Access via Exchange System Manager Why you should secure Exchange 2007 using administrative policies Editing Exchange Server public folder permissions Can't delete old Microsoft Outlook public folders Why can't I grant users permissions to an Exchange public folder? Exchange public folder calendar can't be opened in Microsoft Outlook Grant or deny permissions to access a user's Exchange 2007 mailbox Set Outlook calendar permissions for group to view private meetings Exchange Admin 101: Exchange 2003 and Exchange 2007 admin privileges Selectively set email permissions for Exchange groups RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary privilege  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.