User Account Prob?

Out of curiosity, if i wanted another users email forwarded to my email inbox but did`nt want this user to be able to log on and use his mail, how would i be able to set this up. ? Would i just need to change his password? or would his mail be able to forward to my mail if his account were disabled? How could i set his mail to be forwarded to me?

Comments

  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    I hope this is really "just curiosity"...

    I don't know if disabling the account also disables the email - I would guess it does in W2K/E2K and higher. I'm still stuck on Exchange 5.5 here... though it is a W2K3 AD domain.

    Anyway, a trick would be to check the box in the user's account properties that says "Require Smart Card to log on" and assuming he doesn't have one he will not be able to log on, but his email would continue to function. Essentially you just changed his password to a random 254 character password that only the DC knows, so when/if you uncheck the box you will have to reset his password.
    All things are possible, only believe.
  • Danman32Danman32 Member Posts: 1,243
    Forwarding can be set in the Exchange tab of the user object. I forget which button on the tab. Our KVM is broke so I can't get to my lab's W2K/E2K server.

    I think he can still recieve mail and forward if the account is disabled.
  • TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    Exchange General Tab -> Delivery Options

    You can set it to forward in there. As for making sure he/she doesn't log in, just keep the account enabled and use a good password that no one but you will know.

    However, I only do this temporarily, especially if this is a termination. Like 2-3 weeks is enough time IMO to keep a person's email forwarded after termination.
  • billybob01billybob01 Member Posts: 504
    Thanks guys i will try the suggestions. And yes it was curiosity!! I`m learning about security and ask myself what if questions and try to figure them out but this one just foxed me. Thanks again
  • TrailerisfTrailerisf Member Posts: 455
    Dont need to change the password...

    Exchange General> Delivery Option> Select user from list > select forward....

    Don't include the "and deliver to mailbox" one... User will not get emails at all...
    On the road to Cisco. Will I hunt it, or will it hunt me?
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Trailerisf wrote:
    Dont need to change the password...

    Exchange General> Delivery Option> Select user from list > select forward....

    Don't include the "and deliver to mailbox" one... User will not get emails at all...
    Oh yeah, good idea. I should have thought of that.
    All things are possible, only believe.
  • iankfiankf Member Posts: 49 ■■□□□□□□□□
    Ok im not very good at exchange but, I have two suggestions

    What if you just delegate yourself control so then you can just read the emails? Lot less hassle? Plus that way you would not have to enter his password to gain access.

    Another suggestion is if possible you deleted his account to setup a mail enabled not mailbox enabled account and just set it to forward mail to you? Not sure if you can do that in contact.

    Told you complete rubbish icon_redface.gif
  • TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    Trailerisf wrote:
    Dont need to change the password...

    Exchange General> Delivery Option> Select user from list > select forward....

    Don't include the "and deliver to mailbox" one... User will not get emails at all...

    Correct, but I thought he wanted it to where the user could not login to the network, but still receive emails. So to my knowledge the only thing you could do in that case would be to change the password and forward the emails the way described. Unless I read it wrong, which is always possible :D
    iankf wrote:
    Another suggestion is if possible you deleted his account to setup a mail enabled not mailbox enabled account and just set it to forward mail to you? Not sure if you can do that in contact.

    Do you mean just set up a regular contact rather than a Domain Account? If that is what you mean then it would work also.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    I think a disclaimer here is in order, as this subject of "Read someone else's email without them knowing it" is a bit suspicious for this thread topic, since that question will most likely never show up on the exam.

    DISCLAIMER:It is illegal to read someone else's email without their consent unless you are acting in the official capacity with authorized LE officials. It does not matter if you are a Domain Admin and just protecting your company, doing what the boss said, or any other reason! You can be prosecuted if you do it, even in ignorance of the law.
    If you work for/with the DoD you can be tried under the Uniform Code of Military Justice as well. Yada yada yada - you've been warned.

    There, I feel better now. icon_lol.gif
    All things are possible, only believe.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    The user account has to remain enabled.

    I like the suggestion of "require smart card logon".
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • Danman32Danman32 Member Posts: 1,243
    Hmm, in studying for Security+, companies have the right to examine emails on their system, especially if a privacy and acceptable use policy has been drafted and signed by the employee.

    In any case, you can forward to an email account and also deliver to the mailbox. This is for inbouond mail. It doesn't do anything for outbound mail. If the mailbox is a special mailbox that doesn't really have a user involved, or the user won't be able to access the mailbox for a while, you can forward without dropping in the mailbox with that checkbox cleared. This way you don't fill up the mailbox with unread mail.

    Admins by default are denied access to the mailboxes, but that deny permission can be removed to allow admins to the mailbox as it was in Exchange 5.5. This I suppose was mainly so that IT can't arbitrarily read executives' mail.
  • iankfiankf Member Posts: 49 ■■□□□□□□□□
    iankf wrote:
    Another suggestion is if possible you deleted his account to setup a mail enabled not mailbox enabled account and just set it to forward mail to you? Not sure if you can do that in contact.

    Do you mean just set up a regular contact rather than a Domain Account? If that is what you mean then it would work also.[/quote]

    Good I am learning, get scared sometimes I'm not picking anything up
Sign In or Register to comment.