Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Former Employee Email - Exchange

From: Jay <jayvanguy () gmail com>
Date: Mon, 21 Jan 2008 22:57:17 -0700
When an employee leaves we normally disable the account for a short time until deletion time us up ,hide the e-mail account from the address book and deny any mail going to the mailbox. Normally we do no grant access to mailboxes for any purpose. The most we do is export the mailbox to a .PST for the Manager or who needs to review. If we grant mailbox access then this normally requires HR approval. But every company is different and has different policies. It all depends on how your policies are laid out according to the laws you must follow. 


On 21-Jan-08, at 2:57 PM, Roger Onken wrote:


We disable the users account; add the manager/supervisor as
a user with full privileges to the mailbox, then add the
users mailbox to the manager's Outlook for review.  We would
rather contact the sender directly, if need be, to let them
know there is someone new to work with, rather than
auto-responding, which seems kind of cold.  We follow up
with the manager every 30 days to see if we can shut down
the mailbox and archive it to a .pst.

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of
nextdrewsaid () gmail com
Sent: Friday, January 18, 2008 1:27 PM
To: security-basics () securityfocus com
Subject: Former Employee Email - Exchange

The situation I have on my hands is something that I am sure
many of you deal with on a somewhat regular basis; however,
I am sure in each case it is handled differently.

When an employee leaves the company, how do you handle their
email? Initially, in our case, an auto response is put up
stating that the user is no longer with the company, and
that you should contact "this person" for assistance etc...

Several times we have created a PST of the former employees
email, and then import that PST into the persons email box
who has replaced them or we have passed it off to their
former manager, of course we place it in a separate folder
so as not mingle with their own email.

So how do you handle old email, specifically containers in
an Exchange 2003 environment?

I would be interested in all thoughts, from security,
regulatory and logistical point of view.
Previous By Date Next
Previous By Thread Next

Current thread: