1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Recover deleted items without the user knowing

Discussion in 'Exchange Exams' started by Stoney, Feb 23, 2007.

  1. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Ok, this may sound a bit dodgy, but if I had been delegated fulll access to another users mailbox and I recovered their deleted items, would the deleted items get recovered in their version of Outlook or just mine?
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  2. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    it would reappear in their exchange mailbox serverside, since thats where you are recovering it. so they would see it too.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  3. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Thanks Fergal, that's what I thought but wasn't 100%. I'll leave it for the time being.

    We have a user outside of the UK who is currently working his notice and we suspect he may be sending company info out via email. So wanted to recover his deleted items without his knowledge.
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  4. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    its prudent that users lose alot of functionality during notice periods for exactly that reason!
    ban attachments and such from his account
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  5. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Unfortunately the nature of his work requires him to send documents to customers on a regular basis and he's not being replaced. Otherwise I would!
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  6. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    well id atleast make your line manager aware of the concerns if they are not all ready
    thats one of the key reasons it staff and sales staff get put on garden leave, they can do too much damage if they keep doing there job, and if you restrict them they cant do there job! so send em home for a few weeks

    seems the company is opening itself up to a lot of risk by not taking the appropriate precautions!

    Good luck keeping an eye on him mate
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  7. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    I agree, maybe they will see this as *learning experience* and apply a more secure policy in the future!

    Thanks! It's quite an interesting task actually, not the normal sort of thing i'd be required to do.
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  8. GW

    GW Byte Poster

    119
    4
    39
    Isn't there a way to automatically blind cc another account so any e-mails the person sends it would send to the blind cc without the person sending the e-mail knowing?

    I know about a decade ago I set that up on a users computer (forget what e-mail client) because of a simular situation.

    GW
     
    Certifications: MCP x4, CompTia x3
    WIP: Cisco CCNA
  9. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    If the company is running a mail filtering solution (SurfControl, ClearSwift or something similar) then its trivial to set up in that - best part of doing it is thaty its COMPLETELY silent to the user. Although it is possible to do this in Exchange, I'm always twitchy about touching things I don't fully understand - whereas I'm perfectly at home with SmurfControl and, indeed, currently have several users who are being covertly monitored by our internal compliance department in this manner.
     
    Certifications: A few
    WIP: None - f*** 'em
  10. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    Since we're talking about this sort of thing, I think we should talk (even briefly) on the legalities of monitoring a users emails.

    I was given the impression by the high-up techs in my company that you may only access anothers account under certain circumstances:
    1. You have been instructed by HR to investigate the account as part of a disciplinary investigation
    2. To investigate activities you notice that affect service availability
    3. In reponse to a report of a fault from the user

    I was also under the impression that if you do not approach things correctly, then the company can be sued for breach of human rights (relating to privacy).

    Does anyone have any official documentation on the legalities of doing this?

    Fergal
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  11. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    Your correct ferg, but numerous policies help companys strenghten there position
    such as AUP in place, informing users of said monitoring (much like you have to post CCTV noticed) and other such steps

    whilst it is true that a lot of techs have god complexes and think they can do what they bloody well please, there are lots of genuine reasons a company can perform such tasks to protect its assests and image

    again tho, its a gray area which is why most companys throw people on garden leave in those circumstances
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  12. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    I love working for the Old Bill.

    Our AUP basically gives us carte blanche to do whatever we like regarding investigating, provided we follow the correct procedures, and it all goes officially via the Internal Affairs bods.

    I'm attending a workshop on Admin Abuse next month - that should prove interesting, especially since its aimed squarely at law enforcement peeps :)
     
    Certifications: A few
    WIP: None - f*** 'em
  13. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    That's what after-hours work is for. 8)
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  14. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    You might want to weld shut his USB ports too.

    I agree with Ryan, send him home paid until his notice runs out, he will not be working at this point with the company's best interests in mind. This is the point when data gets silently stolen.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  15. Slam

    Slam Bit Poster

    37
    0
    2
    Has the Exchange server not been setup so that it records every message sent and received in the ogranisation to a seperate mail acccount? If I remember rightly this can be done from System Manager, selecting the properties of a storage group and choosing a mailbox? That way you can see what he's getting in and out without him knowing.
     
  16. Donmac

    Donmac Bit Poster

    42
    0
    16
    You can setup a catch all that takes a copy of every email sent and received

    System Manager - Mailbox Store - General Tab - Archive

    Only problem being it takes a copy of everyone in that stores email, that can be a lot of emails to go through, if you have exchange enterprise just create a new mail store and move the user over one evening then setup archiving.
     
    Certifications: a few
    WIP: CCDA, CCNP, Ex2k7, Win2k8

Share This Page

Loading...