Re: Mailbox Security

From: Al Mulnick (amulnick_No_SPAM_at_ncDOTrr.com)
Date: 05/07/04 

Date: Thu, 6 May 2004 22:08:49 -0400

Of course. You have an LDAP directory where you can store his public key.
Check out the docs for upgrading KMS to Windows 2003 PKI for an idea of what
gets stored where. http://www.microsoft.com/exchange/library

Al
"Troy Bruder" <troy_bruder@hotmail.com> wrote in message
news:e7N3Hc9MEHA.1468@TK2MSFTNGP12.phx.gbl...
> But, is there any type of encryption or way to link a digital certificate
to
> his mailbox??
>
>
> "Dan King" <danking65@earthlink.net> wrote in message
> news:e%23Jmsh7MEHA.3016@tk2msftngp13.phx.gbl...
> > How did you convince him with Notes?
> > By default I believe Domain Admins are given DENY rights to FULL ACCESS
on
> > the mailboxes. So even if you gave yourself rights you still couldn't
> access
> > the emails until you removed yourself from those groups.
> >
> > I don't see anyway of convincing him that you cannot read the emails.
You
> > are after all Domain Admins, so you CAN do anything you really want
> > to.Whatever you do DO NOT give him Domain admin rights to let him
set/view
> > security. He will just end up screwing it up and cause you to have to
work
> > long/late hours. (I know first hand)
> > You should also educate him on Delegates and folder permissions in
Outlook
> > so he doesn't accidentally give everyone rights to read his mail. By
> default
> > all that is allowed is the reading of the Calendar I believe.
> > If he is that paranoid, he needs to have a secure password as well.
Anyone
> > with it will be able to get to his mail via Outlook, POP, IMAP, Webmail.
> >
> > Bottom line is: he just needs to trust you. Or you can make something up
> :)
> >
> >
> > "Troy Bruder" <N0-Spam-troy.bruder@aptconsulting.com> wrote in message
> > news:uTTGNR6MEHA.892@TK2MSFTNGP09.phx.gbl...
> > > Hello,
> > >
> > > We recently converted from a Notes/Domino environment to a
> > Outlook/Exchange
> > > 2003 environment. The own is VERY parinoid that any of us "domain
admin
> > > types" can read his email. How do I convince him of the security
> features
> > > of exchange, at the same time ensure that NO ONE can access his email?
> > >
> > > Thanks,
> > > Troy
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Mailbox Security
    ... How did you convince him with Notes? ... By default I believe Domain Admins are given DENY rights to FULL ACCESS on ... I don't see anyway of convincing him that you cannot read the emails. ...
    (microsoft.public.exchange.admin)
  • Re: Unable to prevent OU deletion by Domain Admins?
    ... That's how ACLs work, or at ... Microsoft's own guidelines for parsing ACLs states that DENY ACLs ... I understand that domain admins have the delete and delete subtree ... I have a folder where Domain Users have Full control rights. ...
    (microsoft.public.win2000.active_directory)
  • Re: Prevent changes to Administrator password
    ... To add to what I already said: *ANY* member of a Domain Admins group *MUST* be trusted in what he does with his account. ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... * This posting is provided "AS IS" with no warranties and confers no rights! ...
    (microsoft.public.windows.server.active_directory)
  • Re: Log on Locally
    ... even if I do not have the rights to log on locally, ... > Logon to the machine as a standard user and use the runas command. ... > snapin to reset the policy. ... I didn't check very well and I add Domain admins to ...
    (microsoft.public.win2000.security)
  • Re: Delegate certain rights to a single Domain Controller
    ... Please note that this hack does not eliminate all possible security risks, ... > This posting is provided "as is" with no warranties and confers no rights ... >> If you think your domain admins can only modify stuff in their own ... >>> cannot modify DCs across domains. ...
    (microsoft.public.windows.server.active_directory)