Our company have finally taken the hint from MS and decided to start using cached mode for Outlook.
Performance on test machines etc much better which is great.
However, security folks are getting a bit touchy on it as it leaves the OST sitting on the disk which, in theory, can be cracked open by someone else within the company.
They're not that interested in external folk getting them so I don't think they're looking at encrypting the drive. It's more internal where encryption wouldn't help.
I thought this would be nice and simple as most users are not local admin and therefore can't get into the c:\users folder of another. However, they're looking for ways of preventing local admins doing so too (basically most of IT).
Thinking of shifting the OST to a different location and scripting permissions on the folder but can't get around the fact that at the end of the day if they're local admin they can just take ownership and change permissions to let themselves in? Could get the script to look at those permissions at login/out and shoot an email if it's different to what it expects but that's getting pretty messy.
Anyone have any ideas?!
Performance on test machines etc much better which is great.
However, security folks are getting a bit touchy on it as it leaves the OST sitting on the disk which, in theory, can be cracked open by someone else within the company.
They're not that interested in external folk getting them so I don't think they're looking at encrypting the drive. It's more internal where encryption wouldn't help.
I thought this would be nice and simple as most users are not local admin and therefore can't get into the c:\users folder of another. However, they're looking for ways of preventing local admins doing so too (basically most of IT).
Thinking of shifting the OST to a different location and scripting permissions on the folder but can't get around the fact that at the end of the day if they're local admin they can just take ownership and change permissions to let themselves in? Could get the script to look at those permissions at login/out and shoot an email if it's different to what it expects but that's getting pretty messy.
Anyone have any ideas?!