Exchange & Outlook UPDATE, Exchange Edition, July 22, 2004

Paul Robichaux talks about a sensitive subject--protecting data from administrators. Plus, get tips and information about Exchange, Outlook, and related products.

ITPro Today

July 21, 2004


===============

Ensure that your Exchange and Outlook UPDATE isn't mistakenly blocked by antispam software. Add [email protected] to your list of allowed senders and contacts.

==========

1. Commentary
- It's a Matter of Trust

2. Resources
- Featured Thread: Problem Mounting Mailbox Stores
- Outlook Tip: Including Header Information When Printing Drafts

3. New and Improved
- Zip and Unzip Email Attachments
- Tell Us About a Hot Product and Get a T-Shirt!

==========

~~~~ Sponsor: Neverfail ~~~~
Cluster-class Availability for Exchange – Without the Complexity or Cost of Traditional Clustering!
Has your business suffered a loss of communications at critical moments because your Exchange server was down? Neverfail for Exchange is a software solution that ensures true application availability. It's easy to install and use; offering cluster-class availability at a fraction of the cost and complexity of traditional clustering. To learn how Neverfail can help your business save IT dollars and resources access a free white paper or view a self-paced product demo:
http://list.winnetmag.com/cgi-bin3/DM/y/egoI0EAYC40CBg0BJ420As

==========

Editor's note: Share Your Exchange Discoveries and Get $100
Share your Exchange Server and Outlook discoveries, comments, or problems and solutions for use in the Exchange & Outlook Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. We edit submissions for style, grammar, and length. If we print your submission, you'll get $100.

==========

==== 1. Commentary: It's a Matter of Trust ====
by Paul Robichaux, News Editor, [email protected]

We all have secrets. Of course, some people (and companies) have more secrets than others. For example, consider an oil company. Its messaging system likely contains a wealth of information that has both intrinsic value (e.g., plans for drilling in specific fields) and competitive value (e.g., how much oil the company has in reserve, when it plans to perform preventative maintenance on key facilities). You can easily come up with examples from whichever field your organization is in: government, education, banking, health care--all have sensitive data that needs protection.

Of course, Exchange Server has a ton of features aimed at protecting sensitive data from outside attackers. But what do you do when your data is so sensitive that you need to shield it even from your own administrators? Security experts will chorus, "If you can't trust your administrators, they shouldn't have administrative privileges!" This is absolutely true--and beside the point in many environments. Unfortunately, even when you take care to screen your administrators, sufficiently valuable data can serve as a temptation (or threat) that might exceed a person's ability to resist. Sometimes, it's simply better to be safe than sorry.

One obvious approach is to prevent administrators from opening mailboxes that don't belong to them. By default, Exchange Server 2003 and Exchange 2000 Server add a Deny ACL to Information Store (IS) databases for administrators. Although the Microsoft article "XADM: How to Get Service Account Access to All Mailboxes in Exchange 2000" ( http://support.microsoft.com/?kbid=262054 ) describes how to work around this ACL, each of the described workarounds has a countermeasure. To protect against administrators who add their accounts to the Exchange Domain Servers or Exchange Services security groups, regularly audit those groups' memberships. (Exchange 2003 also removes manually added accounts from the groups, but don't use that as a substitute for a good audit procedure). To protect against changes to the ACL on the mailbox databases, audit object access on those objects, then look for permission or ownership changes.

Another potential approach is to sharpen the distinction between Exchange administrators and Windows administrators. Exchange administrators don't need Windows administrator rights, and vice versa. At many organizations, the same people fill both roles, but if security is a big concern for you, consider separating the roles as often as you can.

After you've reduced the number of people who have administrative privileges, you can gain even more security by preventing lone administrators from accessing data. A common tactic is to create a complex administrative password, split it into two halves, and give each half to a different person so that they must work together to enter the password and log on.

If you're thinking that you could encrypt sensitive data with a key that administrators don't have--for example, by putting the Exchange databases on a partition protected by the Windows Encrypting File System (EFS)--you'll have to think again. Unfortunately, that tactic doesn't work well for Exchange, and Microsoft doesn't officially support the use of Exchange with EFS (although it does support the use of EFS with Microsoft SQL Server 2000). You might be able to make this approach work, but I don't recommend using EFS with Exchange in production. However, you can force the use of Secure MIME (S/MIME) encryption for all users. Doing so will encrypt newly created messages but won't protect existing email and might be difficult to enforce (especially when you need to protect email going to and from the outside world).

The real problem, of course, is that these measures only scratch the surface. A determined administrator might attack in a number of other ways: by sniffing network traffic, grabbing backup tapes and restoring them offsite, or installing keystroke logging software or hardware. The bottom line is that if an untrustworthy administrator gets loose on your network, there's no way to guarantee the security of your systems or data. Still, every effort counts when it comes to protecting your data.
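
The group-membership audit recommended in the commentary can be scripted as a comparison against an approved baseline. The PowerShell below is an added example, not part of the original newsletter; it assumes the ActiveDirectory module is installed, uses the group names as the commentary gives them, and the baseline file path is hypothetical.

```powershell
# Added example (not from the newsletter). Requires the RSAT ActiveDirectory module.
# Group names are as written in the commentary; adjust them to the names in your directory.
Import-Module ActiveDirectory

$Groups       = 'Exchange Domain Servers', 'Exchange Services'
$BaselinePath = 'C:\Audit\exchange-groups-baseline.csv'   # hypothetical path; store it where Exchange admins cannot write

function Get-GroupSnapshot {
    param([string[]]$GroupName)
    foreach ($g in $GroupName) {
        # -Recursive flattens nested groups, so an account added through a nested group is still listed
        Get-ADGroupMember -Identity $g -Recursive |
            Select-Object @{ Name = 'Group'; Expression = { $g } }, DistinguishedName
    }
}

function Compare-Membership {
    param([object[]]$Baseline = @(), [object[]]$Current = @())
    # Index both sides by "group|DN"; hashtable keys compare case-insensitively, as DNs do
    $base = @{}; foreach ($m in $Baseline) { $base["$($m.Group)|$($m.DistinguishedName)"] = $m }
    $curr = @{}; foreach ($m in $Current)  { $curr["$($m.Group)|$($m.DistinguishedName)"] = $m }
    foreach ($k in $curr.Keys) {
        if (-not $base.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added'; Group = $curr[$k].Group; Member = $curr[$k].DistinguishedName }
        }
    }
    foreach ($k in $base.Keys) {
        if (-not $curr.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Removed'; Group = $base[$k].Group; Member = $base[$k].DistinguishedName }
        }
    }
}

$current = @(Get-GroupSnapshot -GroupName $Groups)
if (-not (Test-Path $BaselinePath)) {
    # First run: record the current membership; a person must review it before it counts as approved
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline written to $BaselinePath; review it before relying on it."
    return
}
$changes = @(Compare-Membership -Baseline @(Import-Csv $BaselinePath) -Current $current)
if ($changes.Count -gt 0) {
    $changes | Format-Table -AutoSize
    exit 1   # non-zero exit lets a scheduled task raise an alert
}
Write-Output 'No membership changes since baseline.'
```

Because a point-in-time comparison only sees members present when it runs, schedule it at short intervals and have someone other than the Exchange administrators own the baseline file and the alert.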

==========

~~~~ Sponsor: Sherpa Software ~~~~
Manage Email & PSTs with Mail Attender (Free Trial)
Having trouble accessing PST Files? Looking for a cost-efficient email management solution? Mail Attender Enterprise gives you the ability to automatically manage PST files (network accessible and local), Public Folders and Exchange Mailboxes from a central location. Perform keyword searches to retrieve information, implement retention policies, address compliance issues, compress attachments, compact PSTs, archive data to a secure storage device and view email statistics across your enterprise. With Mail Attender Enterprise, you will decrease administration time, reclaim storage space and reduce liabilities. Download a FREE TRIAL today!
http://list.winnetmag.com/cgi-bin3/DM/y/egoI0EAYC40CBg0BBPk0AB

==========

==== Announcements ====
(from Windows & .NET Magazine and its partners)

Get Subscriber Access to Everything in the Windows & .NET Magazine Network!
Our VIP Web site/Super CD subscribers are used to getting online access to all of our publications, plus a print subscription to Windows & .NET Magazine and exclusive access to our banner-free VIP Web site. Now we've added even more content from the archives of SQL Server Magazine! You won't find a more complete and comprehensive resource anywhere--check it out!
http://list.winnetmag.com/cgi-bin3/DM/y/egoI0EAYC40CBg0BJEb0Ax

Get Equipped to Fight Against Spammers With Our Latest Email Security Toolkit II--Includes a White Paper, Web Seminar, and eBook
Take the next steps against the "silent killer" and learn how to prepare for directory harvest attacks. Plus, find out how to eliminate spam and viruses by learning spammers' new covert tactics designed to get past conventional spam content filters. Get the latest Email Security Toolkit now!
http://list.winnetmag.com/cgi-bin3/DM/y/egoI0EAYC40CBg0BJyu0AA

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.
http://list.winnetmag.com/cgi-bin3/DM/y/egoI0EAYC40CBg0BJkl0Al

==== 2. Resources ====

Featured Thread: Problem Mounting Mailbox Stores
A forum reader ran into some trouble mounting the stores in Exchange Server 2003. To find out how the problem was solved--or to participate in our forums--go to the following URL:
http://www.winnetmag.com/forums/rd.cfm?cid=40&tid=123613

Outlook Tip: Including Header Information When Printing Drafts
by Sue Mosher, [email protected]

Q: When I print a draft of an email message, only the body of the message prints. How can I print the header information too?

A: You've encountered one of the differences between WordMail (i.e., using Microsoft Word as your email editor) and the regular Outlook editor, which prints headers in draft messages. The solution is to temporarily turn off WordMail before you print your message. First, save and close your message. Next, click Tools, Options, Mail Format and clear the "Use Microsoft Word to edit e-mail messages" check box. Then, open your draft message and print it. After you print the message, you can turn WordMail back on and reopen the message to edit it.
See the Windows & .NET Magazine Exchange & Outlook Web page for more great tips.
http://www.winnetmag.com/microsoftexchangeoutlook

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

Going Beyond Blade Server Basics
In this free Web seminar, attendees will learn about the scalability of blade servers and how the HP BL series of servers work. And, we'll look at support for remote management, Integrated Lights Out (ILO) management, automated configuration, and server provisioning, as well as specialized server designations within a blade enclosure and more. Register now!
http://list.winnetmag.com/cgi-bin3/DM/y/egoI0EAYC40CBg0BJyv0AB

==== 3. New and Improved ====
by Angie Brew, [email protected]

Zip and Unzip Email Attachments
C2C Systems released MaX Compression Enterprise, an application that automatically and invisibly zips and unzips email attachments. MaX Compression Enterprise acts at all Access Points (APs) to make sure that email travels and stores in the most efficient state. The product features a Smart Mode that lets you configure central rules to determine which compression mode to use. The product supports Outlook 2003/2002/2000/98 and Outlook Web Access (OWA). For pricing, contact C2C at 413-739-8575.
http://www.c2c.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==== Sponsored Links ====

Argent
Comparison Paper: The Argent Guardian Easily Beats Out MOM
http://list.winnetmag.com/cgi-bin3/DM/y/egoI0EAYC40CBg0BDWV0Ax

CrossTec
Free Download--New - Launch NetOp Remote Control from a USB Drive
http://list.winnetmag.com/cgi-bin3/DM/y/egoI0EAYC40CBg0BJyw0AC

=========

~~~~ Contact Us ~~~~
About the newsletter -- [email protected]
About technical questions -- http://www.winnetmag.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]

==========

~~~~ Contact Our Sponsors ~~~~
Primary Sponsor:
Neverfail -- http://us.neverfailgroup.com -- 1-512-327-5777
Secondary Sponsor:
Sherpa Software -- http://www.sherpasoftware.com/windowsnetEO -- 1-800-255-5155

=========================

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today. http://www.winnetmag.com/sub.cfm?code=wswi201x1z

View the Windows & .NET Magazine Privacy policy at http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department
Copyright 2004, Penton Media, Inc. All Rights Reserved.
