Announcement

Collapse
No announcement yet.

Terminated Users Mail Forwarding - Best Practice

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Terminated Users Mail Forwarding - Best Practice

    What is the best practice on forwarding mail sent to a terminated user to their supervisor, etc..? I was always under the impression that resetting the user's password, moving to the terminated users OU, and stripping all memberships would cover all security implications and allow you to forward (without copy) to another internal user safely. I have just been told by my team lead that it is better to alias the terminated user's email address on the new recipient. This doesn't show the actual recipient though. What is the best practice?

  • #2
    Re: Terminated Users Mail Forwarding - Best Practice

    There's no best practice because every company and every situation is unique. Only you and your company can define what's best practice regarding information retention, access, and security regarding a terminated employee.

    Comment


    • #3
      Re: Terminated Users Mail Forwarding - Best Practice

      Originally posted by joeqwerty View Post
      There's no best practice because every company and every situation is unique. Only you and your company can define what's best practice regarding information retention, access, and security regarding a terminated employee.
      Are there any security implications of disabling rather than resetting password, etc...?

      Comment


      • #4
        Re: Terminated Users Mail Forwarding - Best Practice

        Resetting a password doesn't guarantee that the account can't be used... if the password is guessed. Disabling the account guarantees that the account can't be used... no matter what.

        The only caveat is that Exchange may not be able to access the mailbox if the account is disabled, I think I've run into that before. You should test it and verify if that's the case or not.

        Comment


        • #5
          Re: Terminated Users Mail Forwarding - Best Practise

          Even a disabled mailbox doesn't stop the account from being used. Although there is the lag between it being enabled and being usable.

          Personally I set a long password on the account. If someone then attempts to use it, it will lock out. I can the track whether the password was changed by someone to get access.

          For email, you have two options.

          1. Remove the SMTP address and put it on to the manager.
          2. Forward the email from the mailbox to the manager.

          However it very much depends on whether you need audit trails, things like that.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment

          Working...
          X