Wed, Nov 25 2009 18:07
Migration: Setting permissions on Mailboxes
Don't forget that once you've migrated the mailboxes, any special permissions you had (send on behalf for blackberries for example) were not migrated over.
Now sit down because I'm going to blog about something that every single time I say this to someone they absolutely freak out.
We have a written policy in our office that the firm email IS the firm email. Thus every piece of electronic email that comes in and goes out using the firm's Outlook has the right to be read, inspected, reviewed, etc. Now if that wasn't enough we take it one step farther. We give everyone (yes you read that right EVERYONE) in the office the ability to access everyone else's email and calendars. There is no expectation of privacy on the firm Outlook. You want to keep something private, go use gmail during your lunch hour or use the personal email on your smartphone.
How to Allow Mailbox Access: Exchange 2007 Help:
So I go into folks' email boxes and set Manage Full Access Permission to be open to everyone else. Why? Because as a small firm that works with Attorneys that have deadlines of yesterday, sometimes you get the "Go into my email and ..." over the phone. And even with iPhones, the screen isn't big enough sometimes for such items or ... let's face it... the end user isn't as geeky as the rest and so to be collaborative of a firm that we need to be, we give full access.
But Susan, what about the expectation of privacy?
We put it front and center in our company policy. It's our computer equipment, it's our Outlook.
But Susan, but...but....
But what? Where in the law book of dealing with employees do they say that there is an expectation of privacy in firm email? We lay it out front and center. You don't have any. Period. Furthermore we back it up with permissions.
But what about security and sensitivity of the mailboxes?
Email isn't secure. We have secure folders on the server that keep Human Resource documents, and anything of that sensitivity we don't email. Again, lay down the rules, set a policy, here's what will be considered private, here's what isn't. It's that simple.
You still can set individual rights like this at the server per person, or you can go into the user's specific mailbox and have that user grant rights to the other person (like when you delagate send on behalf rights to another person.
Filed under: Migration