
Preventing admin from reading CEO's email

Status
Not open for further replies.

NCOELHO (MIS), Dec 6, 2001
I was wondering if there is any way to prevent the Network Administrator from reading the CEO's email? I am aware of making the administrator non-domain administrator and give them only the required privileges to do their job. The only issue would be how would he be able to administrate the actual exchange server. Thank you for all your help.
 
You should be able to go into the Mailbox rights section of the CEO's A.D. account and put the Network Admin in as explicitly Denied access.
 
Thank you for the quick response. But this also means that the administrator will be able to change that setting.
 
How many admins do you have? You really can't effectively deny access to all of the admins. If email security for the CEO is an issue, and he is justified in worrying that the admins will read his email, then it's time to find another admin.

That being said, the CEO could also have all of his email sent to another off-site email server so that his email would never stay on the company email server very long.

Chris
IT Manager
Houston, Texas
 
If one does not trust his admin, get rid of the admin. There is no way you can stop an admin from taking back access; otherwise, he would not be an admin anymore but a power user.

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
 
Knackster - if that was the case, the admin would just enable journalling to another / his mailbox. Always ways around it.

I agree with Mark - you can't stop us accessing the CEO's email, what you can do is minimise the risk by having a good admin.
 
Time to get either:

a) A more trustworthy admin

or

b) A less paranoid CEO

At all of the companies that I've had admin rights at, I've never once had the urge to read the CEO's email (or anyone else's for that matter), nor have I ever had an executive or senior manager express concern about it. Seriously, we have enough to keep us busy all day without trying to dig through his email looking for information. If there is an issue with people compromising security, then you need to get rid of the people in question.
 
The funniest part is always when such a paranoid CEO calls about a mail problem.

"Something is wrong with my mail, come immediately to check and fix it, but don't access my E-Mail!"

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
 
Domain admins are explicitly denied "send as" and "receive as" permissions: this will prevent them from opening someone else's mail. Of course they could in theory remove the explicit deny or set up another account to do it. In this case, auditing and using Neil's method to track down access is the best defense.


BTW: If you don't trust your network admin, why are they a network admin?
 
Hobbo's article is proactive only though - you have to turn up the logging before it happens then analyse the logs later.

If you suspect someone is already doing it then it is too late to do that. And there is nothing you can do about it without any logs.
 
and forbid someone access the email using OWA and the backup credentials during the backup window, from the machine doing the backups...

or impersonating, oh, i dunno, BES or AV software.

Robert Liebsch
Systems Psychologist,
Network Sociologist,
Security Pathologist,
User Therapist.
 
Bottom line, you can forbid, deny, block, restrict anything you want, but as long as there is an admin to do all that, there is an admin (the same) to UNdo or bypass all that!

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
 
It doesn't matter what processes you put in place. Bottom line is that the jailer with the keys can get out of anything you can build.
 
Why not give the CEO a password protected PST and tell him to drag sensitive emails out of Exchange?
 
DCBennett,

and that would stop me, as admin, how?

All you do is make it more difficult to manage for the user, an admin has no problem whatsoever intercepting mails BEFORE they get to the CEO.

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
 
I'm Mr Untrusted Admin. Yeah sure Boss, your friend told you about password protected PST files. I'll just journal your mailbox/store off to my gmail account and read everything there at night - no traces to show I've read it.

You want a Yahoo account that you'll use instead of Exchange? Sure, I'll put a key logger on your box.

Maybe an RDP session with no requirement for user intervention might be better so I can watch you all day.

There are always ways.
 
Oh well, I guess the CEO will have to get IT literate and become the enterprise admin - scary hey?:)
 
I read this post with great interest. I am a third party solution provider and am amazed at many of the responses here. I don't care if you have the most trustworthy admin on the planet. The fact is that it is a poor system when the design is such that the admin can incredibly easily read the CEO's email. I have been asked this by almost every single CEO that I have ever worked for. They actually don't care if I have access but they don't want anyone inside the organization to be able to access it. We support many law firms, health care organizations and general businesses. The CEOs all want the same thing. Unfortunately, due to the design of Exchange, I don't believe they can get it. This is unfortunate. It causes the CEO to use alternate forms of communication for sensitive matters.

This design flaw (yes, I think it is a flaw) shows that Microsoft creates its design in the interest of its admins rather than in the interests of the CEOs, the ones paying for the product. I would bet that most CEOs do not even realise this vulnerability.

The solution is simple. I have no problem with the fact that the admin CAN read the email. I would simply like there to be some alert to the user when this HAS been done. 99% of admins out there would never read the email, maybe even more than that. However, to give that CEO the peace of mind that it is never being done, some alert should be available. Another way would be to require that the only way the admin could read the email would be by resetting the password. Then the CEO would know that something was going on if his password was reset.

I am keenly interested if anyone has any other solution within Exchange that can handle this problem. As I said, I don't mind giving the keys to the safe to someone, I just want to know if they have opened it.
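As an added example that is not from this thread, the script below shows the two controls the posts above describe, the explicit deny of the "Receive-As"/"Send-As" extended rights and mailbox audit logging that records admin and delegate access, using the Exchange Management Shell cmdlets of on-premises Exchange 2010 and later (the original 2001 thread predates these cmdlets). The mailbox address, the admin group name and the retention period are assumptions.

```powershell
# Added example, not part of the original thread. Requires the Exchange Management Shell
# (on-premises Exchange 2010 or later). Names below are assumptions for illustration.
$Mailbox    = "ceo@example.com"
$AdminGroup = "EXAMPLE\Exchange Mailbox Admins"

# 1. Explicit deny of the two extended rights that grant mailbox access. A deny ACE
#    wins over allow ACEs, including ones inherited from the database or organization.
Add-ADPermission -Identity (Get-Mailbox $Mailbox).DistinguishedName `
    -User $AdminGroup -Deny -ExtendedRights "Receive-As","Send-As"

# 2. Check the mailbox for explicit Full Access grants that would bypass the deny above.
Get-MailboxPermission -Identity $Mailbox |
    Where-Object { -not $_.IsInherited -and $_.AccessRights -contains "FullAccess" } |
    Format-Table User, AccessRights, Deny -AutoSize

# 3. Audit logging only records access that happens after it is enabled; it is not
#    retroactive, which is the point made earlier in the thread about logs.
Set-Mailbox -Identity $Mailbox -AuditEnabled $true `
    -AuditAdmin    MessageBind,FolderBind,SendAs,SendOnBehalf,Copy,Move,SoftDelete,HardDelete `
    -AuditDelegate FolderBind,SendAs,SendOnBehalf,Move,SoftDelete,HardDelete `
    -AuditLogAgeLimit "365.00:00:00"

# 4. Review: who other than the owner opened folders or messages in the last 30 days.
Search-MailboxAuditLog -Identity $Mailbox -LogonTypes Admin,Delegate -ShowDetails `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) |
    Select-Object LastAccessed, LogonUserDisplayName, LogonType, Operation,
                  FolderPathName, ClientInfoString |
    Sort-Object LastAccessed -Descending

# 5. Review the admin audit log for anyone who changed the deny or the audit settings.
Search-AdminAuditLog -Cmdlets Set-Mailbox,Add-ADPermission,Remove-ADPermission `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) |
    Select-Object RunDate, Caller, CmdletName, ObjectModified |
    Sort-Object RunDate -Descending
```

This gives the "tell me when it happened" behaviour the post asks for rather than preventing access: an admin who controls Exchange can still remove the deny, disable auditing, or journal the mailbox elsewhere, as the earlier replies point out. The audit entries are stored inside the audited mailbox and the admin audit log is itself an Exchange object, so both should be exported regularly to a log store the Exchange admins cannot alter if the record is meant to survive a hostile admin.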
 
No. What you are describing has absolutely nothing to do with Exchange or Microsoft; it is simply the nature of email.

You cannot design a system to handle email that requires administrator level privileges to install, maintain, and support and yet not have email readable by the admin. Sure, you can do all sorts of funky encryption/protection etc on the actual mail data once it hits the CEOs mailbox to make sure that it's unreadable by the admin. But since the admin is also responsible for mail routing there isn't anything preventing him from getting automatically CC'd on the CEO's emails, or capturing copies of those email messages in transit. Additionally, there's nothing that would prevent an admin at an outside company from intercepting email messages between his CEO and yours. Or for that matter, there's nothing preventing someone from sniffing the SMTP traffic from the ISP and getting copies of the email.

Email is not a secure method of communication. It was never designed to be, and anyone who believes that it is just has their head in the sand. The only chance that you have of securing email communications from prying eyes is to use encryption software to encrypt the message from the sender and decrypt it at the receiving end. Unfortunately, that makes the system too complicated for non-technical people to use, and if you lose the decryption keys then you end up with email messages that nobody can read, not even the intended recipient. Of course, there are systems that are designed to make email encryption much more user friendly and allow for key recovery, etc, but those all require some level of admin privileges (which means that you're back to your admin being able to read your mail).

And while we're at it, let's dispel the myth that you can lock down file shares so that your admin can't get at it. You can't. Your admin will need the ability to manage file permissions, and if they have that ability then they have the ability to give themselves access to the files in question. Your backup software will need access to the files to back them up, and that's another attack vector.

What all of this comes down to is very simple: technology requires technically competent people to manage it. Those people need administrative privileges to manage the systems, which includes the ability to get total access to everything on those systems. Therefore you have two options:

1. Hire trustworthy people while maintaining a system of checks to ensure that authority isn't abused.

2. Don't use technology.
 
I agree with all that you have said. The truth is that you need to hire trustworthy admins. You also can't treat email as secure communication. I guess my point is that it is just too incredibly easy to read the email. The admin can now do it with no effort. Some of the methods mentioned in this post would at least require some effort. I just wish there was a way to detect that it was being read without actually stopping it from happening.
 