Recover deleted items without the user knowing

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Ok, this may sound a bit dodgy, but if I had been delegated fulll access to another users mailbox and I recovered their deleted items, would the deleted items get recovered in their version of Outlook or just mine?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

it would reappear in their exchange mailbox serverside, since thats where you are recovering it. so they would see it too.

 

Thanks Fergal, that's what I thought but wasn't 100%. I'll leave it for the time being.

We have a user outside of the UK who is currently working his notice and we suspect he may be sending company info out via email. So wanted to recover his deleted items without his knowledge.

 

its prudent that users lose alot of functionality during notice periods for exactly that reason!
ban attachments and such from his account

 

Unfortunately the nature of his work requires him to send documents to customers on a regular basis and he's not being replaced. Otherwise I would!

 

well id atleast make your line manager aware of the concerns if they are not all ready
thats one of the key reasons it staff and sales staff get put on garden leave, they can do too much damage if they keep doing there job, and if you restrict them they cant do there job! so send em home for a few weeks

seems the company is opening itself up to a lot of risk by not taking the appropriate precautions!

Good luck keeping an eye on him mate

 

I agree, maybe they will see this as *learning experience* and apply a more secure policy in the future!

Thanks! It's quite an interesting task actually, not the normal sort of thing i'd be required to do.

 

Isn't there a way to automatically blind cc another account so any e-mails the person sends it would send to the blind cc without the person sending the e-mail knowing?

I know about a decade ago I set that up on a users computer (forget what e-mail client) because of a simular situation.

GW

 

If the company is running a mail filtering solution (SurfControl, ClearSwift or something similar) then its trivial to set up in that - best part of doing it is thaty its COMPLETELY silent to the user. Although it is possible to do this in Exchange, I'm always twitchy about touching things I don't fully understand - whereas I'm perfectly at home with SmurfControl and, indeed, currently have several users who are being covertly monitored by our internal compliance department in this manner.

 

Since we're talking about this sort of thing, I think we should talk (even briefly) on the legalities of monitoring a users emails.

I was given the impression by the high-up techs in my company that you may only access anothers account under certain circumstances:
1. You have been instructed by HR to investigate the account as part of a disciplinary investigation
2. To investigate activities you notice that affect service availability
3. In reponse to a report of a fault from the user

I was also under the impression that if you do not approach things correctly, then the company can be sued for breach of human rights (relating to privacy).

Does anyone have any official documentation on the legalities of doing this?

Fergal

 

Your correct ferg, but numerous policies help companys strenghten there position
such as AUP in place, informing users of said monitoring (much like you have to post CCTV noticed) and other such steps

whilst it is true that a lot of techs have god complexes and think they can do what they bloody well please, there are lots of genuine reasons a company can perform such tasks to protect its assests and image

again tho, its a gray area which is why most companys throw people on garden leave in those circumstances

 

I love working for the Old Bill.

Our AUP basically gives us carte blanche to do whatever we like regarding investigating, provided we follow the correct procedures, and it all goes officially via the Internal Affairs bods.

I'm attending a workshop on Admin Abuse next month - that should prove interesting, especially since its aimed squarely at law enforcement peeps

 

That's what after-hours work is for.

 

You might want to weld shut his USB ports too.

I agree with Ryan, send him home paid until his notice runs out, he will not be working at this point with the company's best interests in mind. This is the point when data gets silently stolen.

 

Has the Exchange server not been setup so that it records every message sent and received in the ogranisation to a seperate mail acccount? If I remember rightly this can be done from System Manager, selecting the properties of a storage group and choosing a mailbox? That way you can see what he's getting in and out without him knowing.

 

You can setup a catch all that takes a copy of every email sent and received

System Manager - Mailbox Store - General Tab - Archive

Only problem being it takes a copy of everyone in that stores email, that can be a lot of emails to go through, if you have exchange enterprise just create a new mail store and move the user over one evening then setup archiving.