Unauthorized Monitoring of Email




SBS2003.

Hello,

When the company I work for was purchased two years ago, I was required to
give the administrative password to the new owner's son. In the past week, I
have received many comments from users who suspect he is logging in remotely
and monitoring users' email by going into their accounts and reading their
messages. The first thing I would like to do is see if he is actually doing
it. Is there some sort of alert that I can set up to tell me, or log when he
logs in? I can look at the security log in event viewer, but there are so
many events that have the Administrator name, I don't even know what they
all mean. Also, currently the log only holds about two days of events. I
could increase the size, but it would start taking much more space on my
hard drive. Less than one day of data is 65MB. Finally, I don't think the
event logs are where I go to see if he is logging into other users'
mailboxes. That said, are there any kinds of events that I could look for in
Exchange that might tell me what I need to know?

Secondly, if I find that he is poking around in the mailboxes, I have to cut
off his access to the domain, or at least to the inside of other users'
boxes. There were only two ways I could figure to do this:

1. Change the administrative password - From what I understand, this is not
as easy as it sounds because of other services/programs running under that
administrative account as well as the local admin account on the individual
PCs. I have looked around for some sort of guide, but I can't find anything.
Any ideas?

2. Lock out administrative access to Exchange - I figured that I could deny
read permissions on the store to the Administrator account. Since some
account needs to be able to have read permissions, I could create another
account, and establish read permissions on it. I would also have to somehow
prevent the Administrator account from being allowed to re-grant itself
permissions. This solution sounds pretty complicated to me (not to mention
that I have no idea how to do it), but maybe it's easier than changing the
password on the account.

If anyone has any ideas, I would definitely appreciate the help.

Chris

