Security Basics mailing list archives

RE: Former Employee Email - Exchange


From: "Evert Breero" <Evert.Breero () aapt com au>
Date: Sat, 19 Jan 2008 16:44:26 +1100

Hi,

I know the dilemma that you face.

In our organisation, when an employee leaves, the user's LAN and Email
account is automatically disabled once the account is terminated within
the HR system.
This is great as you don't have to worry about disabling the account
manually, however the problem comes in when you need to gain access to
past emails for Management or staff taking over, as once the LAN account
becomes active again, then Metadirectory which sits between SAP and AD,
will again automatically disable the account.
In these cases, staff approach my department, and we will gain access to
the mailbox, extract business related info, create a PST, and hand this
over to the requestor.
With the mailbox, as this is disabled, whenever an email is sent to it,
it will display a message stating the mailbox is unavailable.  In most
cases, we don't take any action on the disabled mailbox unless
requested.  However, after the account is disabled for a period of 45
days, the emails are archived and the account is removed from AD.
Should the email ever be needed with regards to a court case, it can be
retrieved from the archives, and restored for the requestor.

Hope this helps.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of nextdrewsaid () gmail com
Sent: Saturday, 19 January 2008 6:27 AM
To: security-basics () securityfocus com
Subject: Former Employee Email - Exchange

The situation I have on my hands is something that I am sure many of you
deal with on a somewhat regular basis; however, I am sure in each case
it is handled differently.

When an employee leaves the company, how do you handle their email?
Initially, in our case, an auto response is put up stating that the user
is no longer with the company, and that you should contact "this person"
for assistance etc...

Several times we have created a PST of the former employee's email, and
then imported that PST into the email box of the person who has replaced
them, or we have passed it off to their former manager; of course we place
it in a separate folder so as not to mingle with their own email.

So how do you handle old email, specifically containers in an Exchange
2003 environment?

I would be interested in all thoughts, from security, regulatory and
logistical point of view.

