Exchange Server Forums


Can an Administrator read users' mail on Ex2003 ?

Can an Administrator read users' mail on Ex2003 ? - 17.Oct.2006 8:36:33 AM   
horatio

 

Posts: 2
Joined: 17.Oct.2006
Status: offline
Hi

I know that it's extremely dangerous, but is it POSSIBLE for an Administrator to read a user's messages DIRECTLY on an Exchange 2003 Server (that is, without needing to grant mailbox permissions and then use Outlook) ?

If so, how ?

I am aware of being able to use ESM to look at messages in queues etc., but (by design) we understood that Exchange does not allow the content, or even subject, to be seen.

We are currently doing some work with a company where one of the employees claims to have "stumbled across" a sensitive e-mail whilst doing some Exchange housekeeping, but their manager believes that the person actually used a co-worker's login to read the e-mail in Outlook instead.

Having never had any need - or desire - to read user messages directly on the Exchange server, we have no experience of this situation, so the question is - is it possible ?

Many thanks in advance for any guidance.

Horatio
Post #: 1
RE: Can an Administrator read users' mail on Ex2003 ? - 17.Oct.2006 12:28:39 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
In order to view another person's MB, the account needs explicit rights either to his MB in Active Directory Users and Computers, by granting this person "Full MB rights", or at the store level or org level in Exchange System Manager. You will need to review your permission structure in both places to see if you have a security group, say "Domain Admins", that has full rights to, say, Exchange or the store level. However, any admin can usually give themselves rights to view MBs.



_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to horatio)
Post #: 2
RE: Can an Administrator read users' mail on Ex2003 ? - 17.Oct.2006 2:52:39 PM   
horatio

 

Posts: 2
Joined: 17.Oct.2006
Status: offline
Hi James

Thanks for your swift response.

I am sorry that I did not make myself completely clear in my first post.

I understand that suitable permissions need to be in place, but assuming that they are, the issue is COULD an Administrator read another user's mails, without opening that user's mailbox in Outlook from a client PC ?

i.e. Is there a way (on the server), either within System Manager or via the File System or whatever, of opening up either an individual message or the whole mailbox ? 

Hope that this clarifies things and thanks once again.

Kind regards,

Horatio



quote:

ORIGINAL: jchong

In order to view another person's MB, the account needs explicit rights either to his MB in Active Directory Users and Computers, by granting this person "Full MB rights", or at the store level or org level in Exchange System Manager. You will need to review your permission structure in both places to see if you have a security group, say "Domain Admins", that has full rights to, say, Exchange or the store level. However, any admin can usually give themselves rights to view MBs.



(in reply to jchong)
Post #: 3
RE: Can an Administrator read users' mail on Ex2003 ? - 17.Oct.2006 3:27:04 PM   
a.grogan

 

Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
Horatio,

Assuming that the permissions "send as" and "receive as" are assigned to the administrator at the organisation level or the store level via the ESM, you could read any person's e-mail by reactivating the EXIFS drive (previously the M: drive in Exchange 2000) - from there you can navigate down through the drive to each user's mailbox and open up each message using either Notepad or Outlook Express on the server (as the messages appear in the EXIFS drive as .eml files).

Scary I know - but that is one way, it is also the way which can be hidden the best.

A

_____________________________

Andy Grogan
MSExchange.org Forums Moderator
For my general ramblings about Exchange please visit my blog:
W: http://telnetport25.wordpress.com/
M: manifoldmaster@gmail.com

(in reply to horatio)
Post #: 4
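The replies above turn on who holds "Send As" and "Receive As" at the organisation or store level. As an added example (not code from any poster in this thread), the Python script below audits a permission export for principals whose mailbox rights resolve to Allow on each store. The input format and all names in it are constructed for illustration; the script assumes Windows canonical ACE ordering (explicit entries are evaluated before inherited ones, Deny before Allow within each level) and does not expand group membership.

```python
from collections import defaultdict

MAILBOX_RIGHTS = {"Receive As", "Send As"}

# Constructed sample: scope|principal|type|right, one ACE per line.
# A simplified format for this example, not the output of any real tool.
SAMPLE_ACES = """\
organization|EXAMPLE\\Domain Admins|Deny|Receive As
organization|EXAMPLE\\Domain Admins|Deny|Send As
organization|EXAMPLE\\ExchSvc|Allow|Receive As
store:MBX1|EXAMPLE\\Domain Admins|Allow|Receive As
store:MBX1|EXAMPLE\\HelpdeskOps|Allow|Receive As
store:MBX1|EXAMPLE\\HelpdeskOps|Allow|Send As
store:MBX2|EXAMPLE\\BackupSvc|Allow|Read
"""

def parse_aces(text):
    """Yield (scope, principal, ace_type, right) tuples from the export."""
    for line in text.splitlines():
        if line.strip():
            scope, principal, ace_type, right = (f.strip() for f in line.split("|"))
            yield scope, principal, ace_type.lower(), right

def deny_first(aces):
    """Within one inheritance level, Deny ACEs are evaluated before Allow ACEs."""
    return sorted(aces, key=lambda ace: ace[1] != "deny")

def effective_mailbox_rights(text):
    """Return {(store, principal): [rights]} for rights that resolve to Allow."""
    org, stores = [], {}
    for scope, principal, ace_type, right in parse_aces(text):
        level = org if scope == "organization" else stores.setdefault(scope, [])
        if right in MAILBOX_RIGHTS:
            level.append((principal, ace_type, right))
    findings = defaultdict(set)
    for store, explicit in stores.items():
        decided = {}
        # Assumed Windows canonical order: explicit ACEs before inherited ones,
        # so a store-level Allow is matched before an organisation-level Deny.
        for principal, ace_type, right in deny_first(explicit) + deny_first(org):
            decided.setdefault((principal, right), ace_type)  # first match wins
        for (principal, right), ace_type in decided.items():
            if ace_type == "allow":
                findings[(store, principal)].add(right)
    return {key: sorted(rights) for key, rights in findings.items()}

if __name__ == "__main__":
    for (store, principal), rights in sorted(effective_mailbox_rights(SAMPLE_ACES).items()):
        print(f"{store}: {principal} -> {', '.join(rights)}")
```

On the sample, the store-level Allow for Domain Admins on MBX1 is reported even though the same group is denied at the organisation level, which is the kind of entry a permission review should surface.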
RE: Can an Administrator read users' mail on Ex2003 ? - 18.Oct.2006 12:52:17 PM   
Killerbe

 

Posts: 29
Joined: 15.Apr.2006
Status: offline
Can you explain in more detail please?
ExIFS handles the STM files, which is streaming content.
How can ExIFS provide access to data that is stored in the EDB file?

Not that I'm having bad intentions, just wanna know as much as possible about Exchange.

_____________________________

MCSE+M - MCSA+M

(in reply to a.grogan)
Post #: 5
RE: Can an Administrator read users' mail on Ex2003 ? - 19.Oct.2006 1:50:29 PM   
a.grogan

 

Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
Hiya, the Exchange Installable File System was brought in for Exchange 2000, but it does not pertain particularly to STM files and content, but it does use ESE to communicate with them (using ExWin32.dll - which is a store extension application).
Essentially the EXIFS is a kernel mode driver (Exifs.sys) which applications such as IIS and IIS based web applications can use to manipulate items directly in the messaging databases.

In Exchange 2000 there was an M: drive by default on all Exchange servers - and providing you had the right access you could drill down in the M drive to each and every user's folder - this was implemented via EXIFS.

In Exchange 2003 Microsoft made the wise move of removing the M: drive by default - mainly down to users running file level virus checkers on the M drive and messing up the database - however you can re-enable the drive (not personally recommended) by following this article http://support.microsoft.com/default.aspx?scid=kb;en-us;821836

Trust this helps

_____________________________

Andy Grogan
MSExchange.org Forums Moderator
For my general ramblings about Exchange please visit my blog:
W: http://telnetport25.wordpress.com/
M: manifoldmaster@gmail.com

(in reply to Killerbe)
Post #: 6
RE: Can an Administrator read users' mail on Ex2003 ? - 23.Oct.2006 12:36:33 PM   
Killerbe

 

Posts: 29
Joined: 15.Apr.2006
Status: offline
Thanks, very useful information.

Pray to god, I hope I do not forget ;)

_____________________________

MCSE+M - MCSA+M

(in reply to a.grogan)
Post #: 7
RE: Can an Administrator read users' mail on Ex2003 ? - 25.Oct.2006 5:34:31 PM   
joshh385

 

Posts: 141
Joined: 2.May2006
Status: offline
It's very possible that the story is true. That is, that the admin came across a message while doing some type of maintenance: going through a spam quarantine, checking messages hung up in the queue, and so on. Oftentimes these types of tasks will have .msg files in the file system where they are accessible via Notepad, Outlook, ... by virtue of reviewing quarantined messages, as an example, you have to look at the message to see if legit messages are being blocked.

I read a good article recently that addressed what seems to be the more and more common concern people have over admins accessing things they shouldn't, whether it be mail, files, databases, etc. The core of it was if you can't trust your admins to stay out of things they shouldn't be in you have a bigger problem. Why? How do you lock an admin out of something? Someone is always going to have to have access to what someone else is locked out of, so ultimately you'll have to trust at least one person. Plus, if it is just one person you're putting yourself in a bad spot there too.

(in reply to Killerbe)
Post #: 8
