Responsible Administration

One of the many aspects of parenting is teaching your children to be safe so that they can survive to adulthood ("Thomas, get off the roof!"). Exchange Server administrators bear similar responsibilities. No, we're not supposed to wander around making sure that users are wearing proper safety equipment as they try to unjam the copiers--see the Naval Safety Center's Photo of the Week collection ( ) for some entertaining eye-openers along those lines--but we do need to apply what we know about messaging systems to help users follow good messaging practices. Perhaps more important, we need to try to be aware of and improve organizational messaging policies.

Let's start with users. How many of your users understand the basic operation of your Exchange system? Users don't need to know the difference between a front-end server and a box of donuts, but it's useful if they understand where Exchange can queue (and thus delay) email messages, as well as the general processing steps (e.g., spam filtering, virus scanning, archiving) that take place along the route between the outside world and their Inboxes. I've found that users who have this knowledge are less likely to complain about transient performance problems or queue blockages. (Of course, teach them too much and you'll start getting design advice!)

Also educate users about malicious software (malware--e.g., viruses, malicious ActiveX controls, Trojan horses). If you have antivirus software--and you should--does everyone understand what it can and can't do? Do your mailbox owners understand basic attachment protocol, such as not opening attachments that they aren't expecting? Again, users don't need a deep technical understanding; even a brief explanation as to where they can find legitimate information about viruses can make your life easier and keep your organization calm when a new virus hoax starts making the rounds.

As for organizational policies, does your company have an acceptable use policy (AUP) for email? If so, users should already know about and understand the policy. If you don't have an AUP in place, consider adding one. An AUP provides valuable legal protection for your organization and helps set users' expectations for privacy, security, and service levels when using your corporate Exchange resources. Speaking of AUPs: If you have one, does it contain anything that isn't technically feasible or clear cut? Many policies contain boilerplate language written by messaging-clueless legal departments. A little of your attention can help protect your company from legal troubles. Consider a simple case: User A learns that User B is stealing from the company and tells Manager C. Manager C comes to you and asks to inspect User B's mailbox. Should you give Manager C access? Hint: If you do, you could face legal action by User B if he or she is fired because of something the manager finds in the mailbox. Your best action is to require the manager to make the request in writing and access the mailbox in the presence of an HR representative and without your presence.

Such concerns might seem silly, and bringing them up with users or management might even elicit the kinds of groans I occasionally get when reminding my sons to put on bicycle helmets or get off the top of the backyard playset. However, I know things they don't, which is why I insist. You're in the same position, so use your knowledge to help protect yourself and your company from needless troubles.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.