Exchange Server Forums
User Security threat
User Security threat - 1.Nov.2007 5:08:59 PM
dcunningham
Posts: 6
Joined: 30.Aug.2007
Status: offline
Hello, I have a potential security threat that management wants me to be proactive on, but I am not sure how exactly to go about it. I will lay out what I need to have happen when everything is all said and done, and if anyone has answers on the "how" part that would be great.
1. Get a backup of the particular user's mailbox in the morning.
2. Set up the mailbox so that it will allow management to go through it and look through the e-mails.
3. All without the user knowing.
I wasn't sure if it is even possible to back up one particular mailbox with Exchange or if you had to use the backup software that we have in place. Any info would be great.
RE: User Security threat - 3.Nov.2007 12:14:16 PM
mark@mvps.org
Posts: 3958
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
www.ivasoft.biz has "Selective Journaling". It's the "only" way that you can do this in 2003 without awful masses of email and filtering. Either that or go to 2007 which, I will be the first to admit, is using an expensive sledgehammer to crack a nut.
_____________________________
Mark Arnold (Exchange MVP) List Moderator
RE: User Security threat - 3.Nov.2007 1:20:09 PM
a.grogan
Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
Hiya, you could use EXMERGE on a schedule to export a copy of the mailbox to PST every morning - but the mailbox would need to be smaller than 2GB. Mark is totally correct about the Journaling scenario; his suggestion is by far and away the cleanest. However, if you are using Enterprise Edition of Exchange 2003, you could in theory create and then move the mailbox to a dedicated store and turn on store journaling to a dedicated Journal mailbox which management could review.
Cheers A
< Message edited by a.grogan -- 3.Nov.2007 1:22:01 PM >
_____________________________
Andy Grogan MSExchange.org Forums Moderator For my general ramblings about Exchange please visit my blog: W: http://telnetport25.wordpress.com/ M: manifoldmaster@gmail.com
RE: User Security threat - 5.Nov.2007 5:16:40 PM
cestmoi
Posts: 159
Joined: 14.May.2007
Status: offline
Since I'm a relative novice, I'm going to be thinking in a naive way... couldn't you just set the account to allow user = boss/ management to view the mailbox? You can set it to allow yourself (the admin) to view the contents of the inbox also. Then, on your Outlook, simply connect to that mailbox, create a PST and voila.. you have a backup. You or the boss can view to his heart's content.
RE: User Security threat - 5.Nov.2007 5:37:09 PM
a.grogan
Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
That's true - and a valid suggestion - but what do you do about messages that require read receipts which notify the sender? OK, you can use Outlook 2003 to deny the read reply (or OWA 2003) - but in the case of computer forensics you need to demonstrate the data has not been modified - this cannot be done via these methods. If you view a user's inbox directly as an admin and view a message the following could happen:
- Unread messages will be read (you can mark them as unread, but if they need a read notification and you choose to deny as an admin the person owning the mailbox will not be prompted - dead giveaway)
In a legal context, an export that is automated to PST and marked as read-only and dated, then a journal is created from the store which backs the data in the PST (which is generated by the system without user intervention), are viable in court.
Cheers A
_____________________________
Andy Grogan MSExchange.org Forums Moderator For my general ramblings about Exchange please visit my blog: W: http://telnetport25.wordpress.com/ M: manifoldmaster@gmail.com
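An added example, not part of the original thread: one way to support the point above that a forensic copy must be demonstrably unmodified. It marks each exported file read-only, records its SHA-256 hash (a technique the thread does not mention) and a UTC date in a hash-chained manifest, and re-checks both later. The file names, function names and manifest layout are assumptions for illustration.

```python
import hashlib, json, os, stat, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # exports can be large
            h.update(block)
    return h.hexdigest()

def _record_hash(rec):
    body = {k: v for k, v in rec.items() if k != "record_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def seal_export(path, manifest):
    """Mark an export read-only and append a dated, hash-chained record."""
    os.chmod(path, stat.S_IREAD)
    rec = {"file": os.path.basename(path), "sha256": sha256_file(path),
           "sealed_utc": datetime.now(timezone.utc).isoformat(),
           "prev": manifest[-1]["record_hash"] if manifest else ""}
    rec["record_hash"] = _record_hash(rec)
    manifest.append(rec)

def verify(manifest, directory):
    """Return a list of problems; an empty list means nothing has changed."""
    problems, prev = [], ""
    for rec in manifest:
        if rec["prev"] != prev or _record_hash(rec) != rec["record_hash"]:
            problems.append("manifest record altered: " + rec["file"])
        path = os.path.join(directory, rec["file"])
        if not os.path.isfile(path) or sha256_file(path) != rec["sha256"]:
            problems.append("export changed or missing: " + rec["file"])
        prev = rec["record_hash"]
    return problems

def demo():
    with tempfile.TemporaryDirectory() as d:
        manifest = []
        for name in ("2007-11-05.pst", "2007-11-06.pst"):  # constructed stand-ins
            path = os.path.join(d, name)
            Path(path).write_bytes(b"constructed export " + name.encode())
            seal_export(path, manifest)
        clean = verify(manifest, d)
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # read-only flag lifted
        Path(path).write_bytes(b"altered after sealing")
        return clean, verify(manifest, d)

if __name__ == "__main__":
    print(demo())
```

Keep a copy of the last `record_hash` somewhere the person handling the exports cannot edit; otherwise the whole manifest can simply be regenerated after a change.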
RE: User Security threat - 15.Nov.2007 1:50:38 AM
rishishah
Posts: 576
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
All valid options and you may wish to look at cheaper commercial Mail Archiving options. I would recommend the simple GFI MailArchiver - www.gfi.com
_____________________________
Rishi Shah, MCP If an advice works, report this to the forum so that others are more confident about it. Want a quicker answer - then describe your issue in as much detail as possible and exactly what steps you have already taken.
RE: User Security threat - 28.Nov.2007 2:16:10 PM
jassyca
Posts: 227
Joined: 20.Jul.2006
Status: offline
quote:
ORIGINAL: a.grogan
That's true - and a valid suggestion - but what do you do about messages that require read receipts which notify the sender? OK, you can use Outlook 2003 to deny the read reply (or OWA 2003) - but in the case of computer forensics you need to demonstrate the data has not been modified - this cannot be done via these methods. If you view a user's inbox directly as an admin and view a message the following could happen:
- Unread messages will be read (you can mark them as unread, but if they need a read notification and you choose to deny as an admin the person owning the mailbox will not be prompted - dead giveaway)

er.. then just turn off that option in your Outlook settings. Main Outlook window --> Tools --> Options --> "Other" tab. Click the "Preview Pane" or "Reading Pane" button. Uncheck both "Mark whatever as read" options. But I'll agree that for forensic purposes (and therefore, something that can stand up in court) you should have something that does automatic journaling. That way, it'll even catch those messages that the person received today and deleted today, whereas backing up once a day would miss those.

quote:
In a legal context, an export that is automated to PST and marked as read-only and dated, then a journal is created from the store which backs the data in the PST (which is generated by the system without user intervention), are viable in court.
Cheers A
RE: User Security threat - 28.Nov.2007 3:27:38 PM
rishishah
Posts: 576
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
If you don't want to invest in a MailArchiving product just yet, why not make a 2nd storage group on your Exchange server and migrate the users concerned to that storage group? Switch on the Journaling just for that storage group and mail it to a mailbox. Voila, you now collect all mail sent and received just within that storage group. I am assuming you have enough resources to cater for another storage group, but if it is just a few users you wish to initially monitor this should do on the same Exchange server. Otherwise something like GFI MailArchiver is a cheap product but does a great job.
_____________________________
Rishi Shah, MCP If an advice works, report this to the forum so that others are more confident about it. Want a quicker answer - then describe your issue in as much detail as possible and exactly what steps you have already taken.