How to configure the 'Prevent Self-Review' feature of Compliance Accelerator in a multi-domain environment.

Article ID: 100044438

Description

The Veritas Enterprise Vault (EV) Compliance Accelerator (CA) product introduced a new feature in the 12.2.0 release called Prevent Self-Review.  This feature prevents a CA Reviewer from being able to review messages they have sent or received.

The normal configuration of this feature expects the CA Reviewer's Active Directory (AD) account to be in the same AD Domain as their Exchange mailbox.  When a multi-domain environment is present with the mailbox domain being different from the login domain, additional steps are required to configure the CA environment for proper operation of the Prevent Self-Review feature.

To configure the CA environment to use the Prevent Self-Review feature in an AD multi-domain environment where the CA Reviewer logs into a logon domain and their Exchange mailbox is located in a resource domain, complete the following steps:

  1. Add the CA Reviewer's logon domain account as a Monitored Employee in the CA Client's Employees tab.
  2. Add the CA Reviewer's resource domain account as another Monitored Employee in the CA Client's Employees tab.
  3. Let both accounts synchronize with their AD domains in order to obtain all SMTP addresses used by the CA Reviewer.
  4. Configure the CA Reviewer's resource domain Employee to not synchronize and disable that account.
  5. Add all of the CA Reviewer's resource domain SMTP addresses to the CA Reviewer's logon domain Employee.
  6. Manually add the CA Reviewer's logon domain Employee to a Department's Monitored Employees tab.  After synchronization with EV, the Department's ID tag will be applied to emails the CA Reviewer sends and receives (see below).
  7. Make the CA Reviewer's logon domain Monitored Employee an Exception Employee in the Department.  After synchronization with EV, the CA Reviewer's own Department ID tag will be applied to the emails they send or receive instead of the Department's ID tag.  Note that emails sent to or from another Monitored Employee in the Department will still have the Department's ID tag applied in addition to the CA Reviewer's new Department ID tag.
  8. Restart the Enterprise Vault Storage Service on all EV servers that will be archiving the CA Reviewer's emails.  Note that up to an hour could pass before the automatic update of the CA Department and Monitored Employee information occurs, so restarting the EV Storage Service is a faster way to ensure the above changes are synchronized to the EV Storage Service Department Tagging processing.

Upon completion of the above actions, any new emails to or from the CA Reviewer will be restricted from review by that CA Reviewer.

The following conditions will still allow a CA Reviewer to review their own messages:

  1. The item under review was found in a CA search of any user archive.  Emails archived in user mailbox archives do not have Department ID tags applied.  The Prevent Self-Review feature only works with messages archived through Exchange journal, Lotus Domino journal or SMTP journal archiving that have the CA Reviewer's Department ID tag applied.
  2. The CA Reviewer is also an Escalation Reviewer in the Department.  An Escalation Reviewer can see any emails that have been escalated for review by a normal CA Reviewer.
  3. The emails were sent to or from the CA Reviewer before the above configuration was completed and were then captured in a CA search (these items will not have a Department ID tag applied for the Department or the CA Reviewer's Exception Employee Department), or the CA search is configured by selecting the individual Monitored Employees of the Department instead of the Department ID tagging (known as a Legacy Search).  Such items and Legacy Searches do not use Department ID tags but use SMTP addresses instead.

Initial Configuration Example:

1. Resource domain name: mail.mydomain.com
     NetBIOS name: mail
     SMTP Address Domains applied to all accounts: mail.mydomain.com
                                                   mydomain.com

     CA Reviewer account Display Name: John Smith
     CA Reviewer account ID:  john.smith
     CA Reviewer email addresses:  john.smith@mail.mydomain.com
                                   john.smith@mydomain.com
     CA Reviewer login: mail\john.smith

     Journaled user account Display Name: Jane Doe
     Journaled user account ID:  jane.doe
     Journaled user email addresses:  jane.doe@mail.mydomain.com
                                      jane.doe@mydomain.com
     Journaled user login: mail\jane.doe

2. Login domain name:  users.mydomain.com
     NetBIOS name: users
     SMTP Address Domains applied to all accounts: users.mydomain.com
     CA Reviewer account Display Name: John Smith
     CA Reviewer account ID:  john.smith
     CA Reviewer email addresses:  john.smith@users.mydomain.com
     CA Reviewer login: users\john.smith

3. Compliance Accelerator:
     Employee Tab -
          Employee: John Smith
               Account:   mail\john.smith
               Addresses: john.smith@mail.mydomain.com
                          john.smith@mydomain.com
               Synchronize with AD: Yes
               Enabled: Yes

          Employee: John Smith
               Account:   users\john.smith
               Addresses: john.smith@users.mydomain.com
               Synchronize with AD: Yes
               Enabled: Yes

          Employee: Jane Doe
               Account:   mail\jane.doe
               Addresses: jane.doe@mail.mydomain.com
                          jane.doe@mydomain.com
               Synchronize with AD: Yes
               Enabled: Yes

          Employee: Jane Doe
               Account:   users\jane.doe
               Addresses: jane.doe@users.mydomain.com
               Synchronize with AD: Yes
               Enabled: Yes

     Department Tab -
          Department Name: Test Department
          Department Monitored Employees:  Jane Doe (mail\jane.doe)
                                           John Smith (mail\john.smith)
                                           John Smith (users\john.smith)
          Department Reviewer:  John Smith (users\john.smith)

Corrected Configuration Example (changes in bold italics):

1. Resource domain name: mail.mydomain.com
     NetBIOS name: mail
     SMTP Address Domains applied to all accounts: mail.mydomain.com
                                                   mydomain.com

     CA Reviewer account Display Name: John Smith
     CA Reviewer account ID:  john.smith
     CA Reviewer email addresses:  john.smith@mail.mydomain.com
                                   john.smith@mydomain.com
     CA Reviewer login: mail\john.smith

     Journaled user account Display Name: Jane Doe
     Journaled user account ID:  jane.doe
     Journaled user email addresses:  jane.doe@mail.mydomain.com
                                      jane.doe@mydomain.com
     Journaled user login: mail\jane.doe

2. Login domain name:  users.mydomain.com
     NetBIOS name: users
     SMTP Address Domains applied to all accounts: users.mydomain.com
     CA Reviewer account Display Name: John Smith
     CA Reviewer account ID:  john.smith
     CA Reviewer email addresses:  john.smith@users.mydomain.com
     CA Reviewer login: users\john.smith

3. Compliance Accelerator:
     Employee Tab -
          Monitored Employee: John Smith
               Account:   mail\john.smith
               Addresses: john.smith@mail.mydomain.com
                          john.smith@mydomain.com
               Synchronize with AD: No
               Enabled: No

          Monitored Employee: John Smith
               Account:   users\john.smith
               Addresses: john.smith@users.mydomain.com
                          john.smith@mail.mydomain.com
                          john.smith@mydomain.com
               Synchronize with AD: Yes
               Enabled: Yes

          Monitored Employee: Jane Doe
               Account:   mail\jane.doe
               Addresses: jane.doe@mail.mydomain.com
                          jane.doe@mydomain.com
               Synchronize with AD: Yes
               Enabled: Yes

          Monitored Employee: Jane Doe
               Account:   users\jane.doe
               Addresses: jane.doe@users.mydomain.com
               Synchronize with AD: Yes
               Enabled: Yes

     Department Tab -
          Department Name: Test Department
          Department Monitored Employees:  Jane Doe (mail\jane.doe)
                                           John Smith (users\john.smith) made into an Exception Employee
          Department Reviewer: John Smith (users\john.smith)
          Exception Employee Reviewer (who will review John Smith's emails): Jane Doe (users\jane.doe)
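
The gap between the initial and corrected configurations can be checked mechanically against steps 4 to 7 and the Escalation Reviewer condition. The following is an added example, not Veritas code and not a Compliance Accelerator API: the dictionaries, field names and the `audit` function are hypothetical, and the records are constructed from the John Smith example above.

```python
# Plain-data model of the article's example; not a Compliance Accelerator API.
def emp(account, addresses, sync=True, enabled=True):
    return {"account": account, "addresses": addresses, "sync": sync, "enabled": enabled}

RES = ["john.smith@mail.mydomain.com", "john.smith@mydomain.com"]   # resource domain
LOGON = ["john.smith@users.mydomain.com"]                           # logon domain

INITIAL = {  # constructed from "Initial Configuration Example"
    "employees": [emp(r"mail\john.smith", RES), emp(r"users\john.smith", LOGON)],
    "monitored": [r"mail\jane.doe", r"mail\john.smith", r"users\john.smith"],
    "exceptions": [], "escalation_reviewers": [],
}
CORRECTED = {  # constructed from "Corrected Configuration Example"
    "employees": [emp(r"mail\john.smith", RES, sync=False, enabled=False),
                  emp(r"users\john.smith", LOGON + RES)],
    "monitored": [r"mail\jane.doe", r"users\john.smith"],
    "exceptions": [r"users\john.smith"], "escalation_reviewers": [],
}

def audit(cfg, logon_acct, resource_acct):
    """Return findings; an empty list means steps 4-7 hold and the reviewer
    is not also an Escalation Reviewer."""
    by_acct = {e["account"].lower(): e for e in cfg["employees"]}
    logon, resource = by_acct[logon_acct.lower()], by_acct[resource_acct.lower()]
    low = lambda items: {i.lower() for i in items}   # account/address compare, case-insensitive
    findings = []
    if resource["sync"]:                                         # step 4
        findings.append("resource-domain Employee still synchronizes with AD")
    if resource["enabled"]:                                      # step 4
        findings.append("resource-domain Employee is still enabled")
    for addr in sorted(low(resource["addresses"]) - low(logon["addresses"])):  # step 5
        findings.append(f"logon-domain Employee lacks {addr}")
    if logon_acct.lower() not in low(cfg["monitored"]):          # step 6
        findings.append("logon-domain Employee is not monitored in the Department")
    if logon_acct.lower() not in low(cfg["exceptions"]):         # step 7
        findings.append("logon-domain Employee is not an Exception Employee")
    if logon_acct.lower() in low(cfg["escalation_reviewers"]):   # self-review condition 2
        findings.append("reviewer is also an Escalation Reviewer")
    return findings

if __name__ == "__main__":
    for name, cfg in (("initial", INITIAL), ("corrected", CORRECTED)):
        print(name, audit(cfg, r"users\john.smith", r"mail\john.smith") or "OK")
```

The check cannot see the other two self-review conditions (items found in user archives, and items archived before the change or returned by a Legacy Search), because those depend on how each item was archived and searched rather than on the Employee and Department records.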
