
  • Question

  • 1) Is there any way to trace the attachment name, size and number of attachments in an email?

    2) Is there any way to log all mailbox exports to PST for compliance, either in EMS or some alternate way?

    3) How can we lock down Exchange admins to prevent them from reading any other user's email?

    Tuesday, July 23, 2013 12:36 PM

Answers

  • I'll take a stab at #3.   If an administrator is a member of either Domain Admins or Enterprise Admins, they can modify the permissions of any object. 

    The bottom line is that it is VERY difficult to keep an administrator from changing permissions on a mailbox and giving themselves access to view the content.  There are seldom good technological solutions to prevent bad behavior (that is an Ed Crowley quote). 

    You can enable mailbox logon auditing and audit if someone other than the administrator is opening the mailbox.  We implemented Quest Change Auditor and control access to certain permissions groups and also audit mailbox access. 


    Jim McBee - MVP, MCT, MCSE Using Exchange since the v4.0 beta in 1995 - Blog http://mostlyexchange.blogspot.com

    Tuesday, July 23, 2013 7:45 PM
  • And, I'll take a stab at #2.  A good auditing solution is probably your best bet.  Exchange 2010 has better built-in auditing of mailbox access and the types of access.


    Jim McBee - MVP, MCT, MCSE Using Exchange since the v4.0 beta in 1995 - Blog http://mostlyexchange.blogspot.com

    Tuesday, July 23, 2013 7:48 PM
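
The built-in auditing mentioned in the two answers above (for #3 and #2), as an added example that is not part of the original thread. It assumes Exchange 2010 SP1 or later and the Exchange Management Shell; the mailbox address, the 7-day window and the 90-day retention are constructed placeholders.

```powershell
# Added example, not from the thread. Assumes Exchange 2010 SP1 or later,
# run in the Exchange Management Shell by an account with audit-log rights.
$mailbox = 'user@example.com'          # constructed placeholder
$since   = (Get-Date).AddDays(-7)      # constructed review window

# 1. Mailbox audit logging: record what administrators and delegates
#    (anyone other than the owner) do inside the mailbox.
Set-Mailbox -Identity $mailbox -AuditEnabled $true `
    -AuditAdmin Copy,MessageBind,FolderBind,SendAs `
    -AuditDelegate FolderBind,SendAs,SendOnBehalf `
    -AuditLogAgeLimit 90.00:00:00

# 2. Review non-owner access to that mailbox.
#    -ShowDetails is only available with -Identity (one mailbox per call).
Search-MailboxAuditLog -Identity $mailbox -LogonTypes Admin,Delegate `
    -ShowDetails -StartDate $since -EndDate (Get-Date) |
    Select-Object LastAccessed, LogonUserDisplayName, LogonType,
                  Operation, FolderPathName, ClientIPAddress

# 3. Administrator audit logging: record the cmdlets administrators run.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

# 4. Find permission grants on mailboxes and exports to PST.
$watched = 'Add-MailboxPermission', 'Add-ADPermission', 'New-MailboxExportRequest'
Search-AdminAuditLog -Cmdlets $watched -StartDate $since -EndDate (Get-Date) |
    Select-Object RunDate, Caller, CmdletName, ObjectModified, Succeeded,
        @{ Name = 'Parameters'; Expression = {
            # Flatten the name/value pairs the cmdlet was called with.
            ($_.CmdletParameters |
                ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }) -join '; '
        } } |
    Sort-Object RunDate
```

These logs record access and exports after the fact; as the answer for #3 says, they do not stop an administrator from granting themselves access.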

All replies

  • Hi

    1) Are you wanting to look at tracking logs or something that PowerShell can pull?

    3) http://social.technet.microsoft.com/Forums/exchange/en-US/685062f2-b877-4a5e-8544-536d576d3677/prevent-administrator-read-email

    Tuesday, July 23, 2013 12:50 PM
  • Hi,

    1) I am having some issues with a bulk internal application relay email. I need to check whether the attachments are intact and work as expected.
        From the message tracking log, I cannot tell the number of attachments in each email. I would appreciate help on this.

    Tuesday, July 23, 2013 1:05 PM
  • Hi,

    For your first issue, I recommend you use SMTP protocol logging to check your messages.

    For your second issue and third issue, I agree with Jim's suggestion.

    Regards,
    Belinda Ma

    Wednesday, July 24, 2013 5:58 AM