Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

best way to isolate an email mailboxes from IT?

Status
Not open for further replies.
mingtmak

mingtmak

Technical User
Apr 5, 2006
101
CA
Looking for a way to isolate the executives of a companies emails so that IT has no way of reading their emails.

Is the best way the split-permissions model?

Or is there a way to separate the executives into a storage group and then encrypt it?

- Jon
 
Sort by date Sort by votes
The no real way to stop IT from reading emails, but you certainly can audit it so that if someone does do it you can catch them.
 
Upvote 0 Downvote
You could try setting up either subdomains or just a different mailstore and messing with the delegation. If you are a publicly traded company though, you cannot leave the executives to their own.
 
Upvote 0 Downvote
IT are the keepers of the keys / the jailers. If you can't trust them then you are in more trouble than this.
 
Upvote 0 Downvote
I think I over-generalized. Goal is to basically isolate executive emails to a senior IT person(s) only. At the moment all IT staff has full admin access to everything.
Would like to prevent any way for other IT staff to gain access to content within the executive email mailboxes. (even through a recovery of a backup file).

It's not a publicly traded company.

Has anyone done the subdomains/different mailstore method before? I'm going to try it in a test environment and see how it goes.

I also want to do this without too much change to the current Exchange environment.

- Jon
 
Upvote 0 Downvote
Thats easy enough then, just add a new mailstore and put the execs in there. Delegate administration to only allow that one IT guy admin rights to it.
 
Upvote 0 Downvote
Thanks Baddos.
I just discussed this with another person. He suggested pretty much the same thing but moving all normal user mailboxes to the new storage group and delegate that to the IT guy, instead. Saying it would be an easier time of delegating permissions to him vs. removing.





- Jon
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
1K
PatrickRoggers
PatrickRoggers
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
1K
Brent Fletcher
Brent Fletcher
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
1K
DrB0b
DrB0b
Satishkumar007
  • Locked
  • Question
Help needed to recover after complete site failure
Replies
0
Views
1K
Satishkumar007
Satishkumar007
ComputersUnlimited
  • Locked
  • Question
Migrating to Exchange 2019
Replies
0
Views
1K
ComputersUnlimited
ComputersUnlimited

Part and Inventory Search

Sponsor

Back
Top