Protecting against Rogue Administrators

Occasionally I am asked the following question – how can I protect the messaging environment from a rogue administrator? There are essentially two concerns being asked in this question:

  1. How do I protect the data from being deleted by a rogue administrator?
  2. How do I protect the data from being accessed and/or altered by a rogue administrator?

Sometimes this discussion leads to a discussion about only the chosen backup architecture. The reality is that whether you implement Exchange Native Data Protection or a third-party backup solution, a backup, by itself, does not protect you from rogue administrators; it only mitigates the damage they potentially cause. Any administrator that has the privileged access to the messaging data (whether it be live data and/or backup data), can compromise the system. Therefore, some operational changes must be implemented within the organization in order to reduce the attack surface of an administrator who has gone rogue.

Important: This article is not intended to be a comprehensive set of instructions on how to restrict administrators. Instead, this article will highlight the principles and techniques that can be used.

Read the complete blog at

Read my favorites blogs:

Assigning File Share permissions using Power Shell

Disk Read Error when migrating virtual machine from one cluster to another

Designing a backup less Exchange 2010 Architecture

Appear Offline in Microsoft Office Communicator Server 2007

Microsoft Exchange 2010 Test cases

Microsoft Exchange 2013 and ADRMS Integration