User Account Prob?

Out of curiosity, if i wanted another users email forwarded to my email inbox but did`nt want this user to be able to log on and use his mail, how would i be able to set this up. ? Would i just need to change his password? or would his mail be able to forward to my mail if his account were disabled? How could i set his mail to be forwarded to me?

Find more posts tagged with

Comments

sprkymrk

I hope this is really "just curiosity"...

I don't know if disabling the account also disables the email - I would guess it does in W2K/E2K and higher. I'm still stuck on Exchange 5.5 here... though it is a W2K3 AD domain.

Anyway, a trick would be to check the box in the user's account properties that says "Require Smart Card to log on" and assuming he doesn't have one he will not be able to log on, but his email would continue to function. Essentially you just changed his password to a random 254 character password that only the DC knows, so when/if you uncheck the box you will have to reset his password.

Danman32

Forwarding can be set in the Exchange tab of the user object. I forget which button on the tab. Our KVM is broke so I can't get to my lab's W2K/E2K server.

I think he can still recieve mail and forward if the account is disabled.

TeKniques

Exchange General Tab -> Delivery Options

You can set it to forward in there. As for making sure he/she doesn't log in, just keep the account enabled and use a good password that no one but you will know.

However, I only do this temporarily, especially if this is a termination. Like 2-3 weeks is enough time IMO to keep a person's email forwarded after termination.

billybob01

Thanks guys i will try the suggestions. And yes it was curiosity!! I`m learning about security and ask myself what if questions and try to figure them out but this one just foxed me. Thanks again

Trailerisf

Dont need to change the password...

Exchange General> Delivery Option> Select user from list > select forward....

Don't include the "and deliver to mailbox" one... User will not get emails at all...

sprkymrk

Trailerisf wrote:

Dont need to change the password...

Exchange General> Delivery Option> Select user from list > select forward....

Don't include the "and deliver to mailbox" one... User will not get emails at all...

Oh yeah, good idea. I should have thought of that.

iankf

Ok im not very good at exchange but, I have two suggestions

What if you just delegate yourself control so then you can just read the emails? Lot less hassle? Plus that way you would not have to enter his password to gain access.

Another suggestion is if possible you deleted his account to setup a mail enabled not mailbox enabled account and just set it to forward mail to you? Not sure if you can do that in contact.

Told you complete rubbish

TeKniques

Trailerisf wrote:

Dont need to change the password...

Exchange General> Delivery Option> Select user from list > select forward....

Don't include the "and deliver to mailbox" one... User will not get emails at all...

Correct, but I thought he wanted it to where the user could not login to the network, but still receive emails. So to my knowledge the only thing you could do in that case would be to change the password and forward the emails the way described. Unless I read it wrong, which is always possible

iankf wrote:

Another suggestion is if possible you deleted his account to setup a mail enabled not mailbox enabled account and just set it to forward mail to you? Not sure if you can do that in contact.

Do you mean just set up a regular contact rather than a Domain Account? If that is what you mean then it would work also.

sprkymrk

I think a disclaimer here is in order, as this subject of "Read someone else's email without them knowing it" is a bit suspicious for this thread topic, since that question will most likely never show up on the exam.

DISCLAIMER:It is illegal to read someone else's email without their consent unless you are acting in the official capacity with authorized LE officials. It does not matter if you are a Domain Admin and just protecting your company, doing what the boss said, or any other reason! You can be prosecuted if you do it, even in ignorance of the law.
If you work for/with the DoD you can be tried under the Uniform Code of Military Justice as well. Yada yada yada - you've been warned.

There, I feel better now.

blargoe

The user account has to remain enabled.

I like the suggestion of "require smart card logon".

Danman32

Hmm, in studying for Security+, companies have the right to examine emails on their system, especially if a privacy and acceptable use policy has been drafted and signed by the employee.

In any case, you can forward to an email account and also deliver to the mailbox. This is for inbouond mail. It doesn't do anything for outbound mail. If the mailbox is a special mailbox that doesn't really have a user involved, or the user won't be able to access the mailbox for a while, you can forward without dropping in the mailbox with that checkbox cleared. This way you don't fill up the mailbox with unread mail.

Admins by default are denied access to the mailboxes, but that deny permission can be removed to allow admins to the mailbox as it was in Exchange 5.5. This I suppose was mainly so that IT can't arbitrarily read executives' mail.

iankf

iankf wrote:

Another suggestion is if possible you deleted his account to setup a mail enabled not mailbox enabled account and just set it to forward mail to you? Not sure if you can do that in contact.

Do you mean just set up a regular contact rather than a Domain Account? If that is what you mean then it would work also.[/quote]

Good I am learning, get scared sometimes I'm not picking anything up