Problem solve Get help with specific problems with your technologies, process and projects.

Protect mailbox confidentiality

Keep others out, let the admin in.

How do you ensure that your users will enjoy confidentiality of their mailboxes? Well, there are ways that you can make it difficult for persons other than authorized users, and administrators, to access a given mailbox. This tip offers ways to ensure that the administrator can get into users mailboxes for legitimate purposes, and some ways to keep others (nosy snoopers, etc.) from doing so.

Let's look at how a user's mailbox can be accessed via the Exchange administrator application. The truth is, the administrator is capable of looking at mail stored in a user's mailbox only by applying the NT logon account to the particular user's mailbox. The process is as follows:

  1. In Exchange Administrator 5.5, highlight the user's mailbox then click on File/ Properties.
  2. Select the Permissions tab (If not visible go to Tools/Options. Select the Permissions tab and ensure that both "Show Permissions Page for all objects and "Display rights for roles on Permissions Page" boxes are checked).
  3. On the Permissions tab, click Add to include your NT account to the list of accounts with mailbox owner right permissions to that particular mailbox.

If you follow this procedure, you let the administrator into a user's mailbox. Obviously you cannot now prevent this from happening, nor can you ensure that others will not abuse the permission. But certain control measures can be put into place to limit the extent by which administrators can abuse their power. They are:

  • Allow only a few people (the administrator and a superior, e.g.) to know the Exchange services account password.

  • Make sure that all Exchange administrators log off the administrator's account when they're not working on the Exchange Server.

  • Assign ownership of mail folders stored in the Exchange server to the respective user account and not the administrator.

    Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.

Dig Deeper on Exchange Server setup and troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.