Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

best way to isolate an email mailboxes from IT?

Status
Not open for further replies.

mingtmak

Technical User
Apr 5, 2006
101
CA
Looking for a way to isolate the executives of a companies emails so that IT has no way of reading their emails.

Is the best way the split-permissions model?

Or is there a way to separate the executives into a storage group and then encrypt it?

- Jon
 
The no real way to stop IT from reading emails, but you certainly can audit it so that if someone does do it you can catch them.
 
You could try setting up either subdomains or just a different mailstore and messing with the delegation. If you are a publicly traded company though, you cannot leave the executives to their own.
 
IT are the keepers of the keys / the jailers. If you can't trust them then you are in more trouble than this.
 
I think I over-generalized. Goal is to basically isolate executive emails to a senior IT person(s) only. At the moment all IT staff has full admin access to everything.
Would like to prevent any way for other IT staff to gain access to content within the executive email mailboxes. (even through a recovery of a backup file).

It's not a publicly traded company.

Has anyone done the subdomains/different mailstore method before? I'm going to try it in a test environment and see how it goes.

I also want to do this without too much change to the current Exchange environment.

- Jon
 
Thats easy enough then, just add a new mailstore and put the execs in there. Delegate administration to only allow that one IT guy admin rights to it.
 
Thanks Baddos.
I just discussed this with another person. He suggested pretty much the same thing but moving all normal user mailboxes to the new storage group and delegate that to the IT guy, instead. Saying it would be an easier time of delegating permissions to him vs. removing.





- Jon
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top