Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Notes Administrator unauthorized email access

Status
Not open for further replies.

wild4north

IS-IT--Management
Dec 3, 2012
1
CA
Hey Folks,

I have a situation where one of my Notes Administrators is possibly accessing users (including direct supervisors) email accounts. I know a real Notes Administrator by ethical practice wouldn't do this, but this seems to be the case. I need to find a way to determine all databases that this particular user has accessed going back as far as possible. I know I can see user activity access details by inspecting every database, but realistically this doesn't scale. I've also noticed that this doesn't go back very far into the past. I need to find a history of unauthorized access that I can have actioned by mgmt. I have VERY limited scripting abilities, and have no ability to bring someone in or get outside help officially in any way. I won't even be able to purchase any tools without compromising. Suggestions?

Thanks in advance.
 
Hi

Very hard to stop a trusted admin from accessing mail and database that he is a manager of and where he may have access to the file server either directly or indirectly via RDP etc. Without some pretty clever scripting then there is no easy way and he could use the server id which will not show him as the offender.
In my 30 years of IT, if someone is accessing mails and the like then they are doing other things as well. ie searching the file servers for newly created files on payday or the CEO secretary's or HR managers personal drives - you would know more than any one person in the entire company!!!
With your limited budget and need of proof then I would suggest a good PC monitoring software to be installed on his PC to capture his keystrokes and screenshots. Some of these software packages run hidden in the background and you will then have all the proof you need.
At our workplace we have all people access production servers via jumpboxes which have recording software installed, this can be viewed by the security team anytime. This works if there are no back doors thru firewalls and access to the Datacentre is monitored\recorded but its very expensive.
Basically, you will find this guy is just not busy enough and will often be the guy where a lot of rumors start around the office.
We have had guys\girls do the same and had other download dodgy stuff and even one guy who was downloading songs and burning hundreds of CD\DVD's in the build room - appeared to work very hard but only for himself.

Hope you sort it out.

SPI200
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top