Protect mailbox confidentiality

How do you ensure that your users will enjoy confidentiality of their mailboxes? Well, there are ways that you can make it difficult for persons other than authorized users, and administrators, to access a given mailbox. This tip offers ways to ensure that the administrator can get into users mailboxes for legitimate purposes, and some ways to keep others (nosy snoopers, etc.) from doing so.

Let's look at how a user's mailbox can be accessed via the Exchange administrator application. The truth is, the administrator is capable of looking at mail stored in a user's mailbox only by applying the NT logon account to the particular user's mailbox. The process is as follows:

1. In Exchange Administrator 5.5, highlight the user's mailbox then click on File/ Properties.
2. Select the Permissions tab (If not visible go to Tools/Options. Select the Permissions tab and ensure that both "Show Permissions Page for all objects and "Display rights for roles on Permissions Page" boxes are checked).
3. On the Permissions tab, click Add to include your NT account to the list of accounts with mailbox owner right permissions to that particular mailbox.

If you follow this procedure, you let the administrator into a user's mailbox. Obviously you cannot now prevent this from happening, nor can you ensure that others will not abuse the permission. But certain control measures can be put into place to limit the extent by which administrators can abuse their power. They are:

• Allow only a few people (the administrator and a superior, e.g.) to know the Exchange services account password.

• Make sure that all Exchange administrators log off the administrator's account when they're not working on the Exchange Server.

• Assign ownership of mail folders stored in the Exchange server to the respective user account and not the administrator.

  ---

  Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.

  
  

  Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Exchange Security Tips Why you should secure Exchange 2007 using administrative policies Microsoft Exchange Server security dos and don'ts Create a journal rule in Exchange 2007 to secure journaling mailboxes How to protect an Exchange journaling mailbox from email spoofing Lock down Microsoft Outlook 2007 to prevent .PST file access Using Exchange Server journaling as an email-archiving solution Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Why are .PST files a security threat to Exchange Server mailboxes? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks Microsoft Exchange Server Permissions Restrict access to Outlook Web Access via Exchange System Manager Why you should secure Exchange 2007 using administrative policies Editing Exchange Server public folder permissions Can't delete old Microsoft Outlook public folders Why can't I grant users permissions to an Exchange public folder? Exchange public folder calendar can't be opened in Microsoft Outlook Grant or deny permissions to access a user's Exchange 2007 mailbox Set Outlook calendar permissions for group to view private meetings Exchange Admin 101: Exchange 2003 and Exchange 2007 admin privileges Selectively set email permissions for Exchange groups RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary privilege  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.