Basically, the rule of thumb is everything on the company's premise belongs to the company. This includes e-mail and any info on the hard. As long as this is stated clearly the the company's policy you can check anything you want. _____ From: Marvin Cummings [mailto:mcummings@xxxxxxxxxxxxxxx] Sent: Friday, December 12, 2003 10:42 AM To: [ExchangeList] Subject: [exchangelist] User rights in regards to policy violations http://www.MSExchange.org/ Have a sticky situation where I'm asked to navigate through a users email to see if I can locate any wrong-doings; ie replying to any spam sent from "questionable sites". The mail is stored on the server and I know this users password so I would like to know if there are any implications that can come from me logging in as this user and viewing his mail? It's my understanding that this user initially spearheaded the campaign to have policy created to prevent users from accessing "questionable sites" and viewing prohibited content, so it would seem that he'd be aware of the consequences. This is a first for me and I've seen postings like this before so I'd like to get an idea of how most handle these particular situations. What procedures, if any, should be followed to ensure that the users rights aren't violated or that the IT department doesn't come under fire? TIA ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------