This post will explain the meaning of title headings and details within the tables in different areas of Email audit.
When you enter the Email auditing area of GAT+, on the Emails tab you will notice a summary table at the top of the page. The table will summaries the total number of emails sent out or sent into your domain with files attached or with no files attached. Clicking on any one of these categories in the table will apply a filter focusing only on those emails.
The date range (Emails from) at the top of the table indicates the period under audit.
The Last Scan Date informs you when an email scan last ran to update the metadata you are viewing.
Some notable categories:
Emails sent in – Emails were the sender is an external user
Emails sent out – Emails to external domains where the sender is from your own domain.
Emails sent internal – Emails sent only to users within your own domain. The email thread may include users who are external.
Bounced – When an email message cannot be delivered to an email address.
Files sent in – Emails sent into your domain from an external user which contained a file attachment.
Files sent out – Emails sent to external domains with a file attachment.
User Statistics Table
If you wish to get a better understanding of email activity for each user on your domain and the alias they may use click on User Statistics.
Heading of the Table
Date From and Date To – These fields over a date range. If you clicked on the Daily Statistics button this will show you email data of each previous day. If you can Summary Statistics button then you can see several months back for each user.
User – The user who sent/received the email.
Email – This is the email address a user used to send or receive the emails. This is usually an alias or an account they’ve been delegated access to or their own email address. In the screenshot below in the green box, it shows that User:firstname.lastname@example.org sent/received emails from Email:email@example.com which is his own account.
Emails recv. (ext) – Emails received where the sender is an external email address.
Emails recv. (int) – Emails received where the sender is from your own domain.
Emails sent (ext) – Emails sent outside of your own domain to other domains.
Emails sent (int) – Emails sent internally to users on your own domain.
Files recv. (ext) – Emails received from external users which contains a file attachment.
Files recv. (int) – Emails received by internal users from your own domain which contained a file attachment.
Files sent (ext) – Emails sent outside of your own domain to other domains which contained a file attachment.
Files sent (int) – Emails sent internally to users on your own domain which contained a file attachment.
1) “What files on my google domain can everyone on the internet find or see?”
In the GAT+ Drive Audit one click on the number ‘Open to full public’ shows you all the public files on your domain’s Google Drive. You can see those that are available to all with the link or ‘Open to public with link’ both reports just a click away).
2) “We have files that are shared to lots of other domains, how can I see which ones?”
Within the Google Drive Audit and with the press of one button ‘Domain Connections’, we draw a map of your entire set of Drive shares into and out of your domain.
Select each ‘dot’ and it will lead you to those files, from there you can select the number of shared files, and be directed to them
3) “I need to see a list of all the external people that have explicit access to files on your Domain drive?”
In the Drive Audit, one press of the button ‘External Users’ will produce a table that you can sort by the desired column.
4) Need to find and remove an email in a hurry? (even from hundreds of accounts!)
In the Email Audit using the ‘Domain Gmail Search’ you can do a live search of every folder in every account on your domain for an email containing text in any location (subject, body, attachment) or any other identifier and have a list of those emails found.
Once you find the emails you need (using Unlock) you can view, download or remove these emails in bulk for one or all accounts.
5) Need to see the top sender or receiver of emails?
Just a press of the ‘Sender/Receiver’ button will tabulate the top senders and receivers of email for your domain or for whatever search you used to narrow the data.
6) Need to delegate access to another user’s email account?
In the “User audit” select the “Email info” button and select the account you want to add delegated auditor to and add. After its approved by security officer, the user will have delegated access the person’s email.
7) Need to get a daily/weekly/monthly report of emails per user, sent and received?
On the GAT+ Email audit select “User Statistics” presenting different options “Daily Statistics” and “Summary statistics”
Once you select the Daily Statistics, you can just apply filter to schedule daily reports for all emails coming and going out from all your user accounts you can also select to cover user/group/OU.
G Suite Users
8) Need to save on license costs then you need to know which accounts were not used in the last 6 months.
On the GAT+ select ‘Users Audit’ and select ‘Last Login’ and it will be filtered based on Last login.
You can apply filter to search by ‘Last login’ or ‘Last negative login’ searching for users whose last login to your G Suite domain was 6 months ago.
9) Need to easily bulk add or remove users or simply add/remove/change them between groups and OUs?
In the new GAT+ select the Users report. Filter for the set of users you are interested in working with. Export that selection of users, change the spreadsheet as described here. You can add the users to one or more groups or change their group mix completely. When finished with the changes, just import the spreadsheet to perform all the changes at once.
10) Need to be warned when some critical event has happened on your domain?
Under Configurations section in GAT+ select ‘Alarms’ and configure for the alerts you need. Alarms can be configured and saved on a per OU basis.
https://generalaudittool.com/wp-content/uploads/2017/10/2119.jpg6671000Dalal Alshohaibhttps://generalaudittool.com/wp-content/uploads/2018/08/optimized-and-compressed-GAT-Logos-Headerpng-47-1.pngDalal Alshohaib2019-04-23 04:00:312019-05-10 12:48:16GAT Removes Your Pain Points
GAT+ can present G Suite Super Admins with a lot of useful summaries relating to sharing permissions in Google Drive, this document will explain each category.
Drive Audit One click table
This is the total number of files and folders owned by users within your domain or files shared into your domain by external users.
Open to full public
Files publicly shared with the world, anyone who comes across it can see the contents of it, users are not required to authenticate themselves or be signed into a Google account. Additionally, the Google search engine can find and index these files. This category includes full public files shared into your own domain by external users.
Open to Public with link
Files publicly shared to anyone with a link. The Google search engine cannot find or index it. Anyone who has been given the URL link to these files can view the contents. This category includes public documents shared via link into your domain by external users.
Open to external users
Any file shared to an external domain such as external editors, readers. Team Drive files with Managers or Content Managers who are from an external domain will have this classification as well.
Open to internal users
This category includes any file which is shared internally to anyone within your own domain. This includes internal editors or readers and our domain (with link). Nevertheless, these files are not shared externally to anyone outside your organization.
Team Drive files
These are Team Drive files.
Team Drive Files with extra shares
When Team Drives are created, they will have Managers, Content Managers, Contributors, Viewers, and Commenters, therefore any Team Drive file which has permission shares anyone outside of the defined scope will fall into this category.
Files are not shared with anyone, period. Only the owner can see it.
Files that are moved to the Trash/Bin folder on the users myDrive.
Here’s how a file can become orphaned:
You create a file in someone else’s folder. Then they delete the folder. Your file isn’t deleted because only you can do that. But it’s no longer in a folder.
Or, you share a folder with someone who removes your file from the folder. Again, the file isn’t deleted, but it’s no longer in a folder.
This category will show you those orphaned files.
Indicates the number of users GAT+ can not scan properly. If this shows any value, check if GAT+ is turned ON for everyone within the G Suite Admin Console.
In Drive Audit, we make it easy for G Suite super admins to view the number of files across users myDrives. These are the most common file types. The values in the table include files shared into your domain by external owners.
The value for sites will show you all of the Google sites created by your domain or shared into your domain by external users.
These are Google survey forms created by your domain or shared into your domain by external users.
https://generalaudittool.com/wp-content/uploads/2017/11/OPSAL70.jpg6681000Enrique Gomezhttps://generalaudittool.com/wp-content/uploads/2018/08/optimized-and-compressed-GAT-Logos-Headerpng-47-1.pngEnrique Gomez2019-04-16 16:00:452019-05-10 12:49:51Sharing exposure and file types within Google Drive Audit
G Suite Admins can now Identify externally owned Google Drive files and which folders they reside in in your G Suite domain.
An admin can click on “One Click Report” – External users – Docs
This will show us all external users who have ‘shared in’ Google Drive files into your domain.
By clicking on each of the numbers under the column ‘Owns (not ours)’, the admin will be taken to Drive Audit Files tab where you can examine these Google Drive files in greater detail.
Another way to find all external owned Google documents within your G Suite domain is to open Drive audit and apply a custom filter – show the files which have been shared in. (we excluded deleted/trashed Google docs in this example) because they are included by default.
The result will show all Google docs “Shared in” to your domain and you will be able to view their paths. Since these files are externally owned, you as a G Suite Super admin, your only course of action is to remove and cut the ties to those users they’ve been shared with.
Note: To remove editors and readers from shared in files, there has to be at least one local editor from your Google domain on each of those files.
For each file, you can see the folder or folders that each particular file resides in.
Many files may not have a folder path because they haven’t been added to the local user’s myDrive.
The G Suite Admin can export a Google spreadsheet or a CSV of all shared in file paths by selecting the option ‘with path flattened’. With paths flattened each unique path will be displayed.
https://generalaudittool.com/wp-content/uploads/2017/05/843.jpg10011500Enrique Gomezhttps://generalaudittool.com/wp-content/uploads/2018/08/optimized-and-compressed-GAT-Logos-Headerpng-47-1.pngEnrique Gomez2019-04-08 19:00:492019-04-08 16:05:56Identify All Externally Owned Files with GAT+
In Drive audit, we can see a nice overview of all drive files of your entire G Suite domain.
An admin can select each of the categories and it will lead them to all the files from which the category was created from. In this case will display all Google Drive files which are Open to internal users. Sharing flags is set ‘Open to internal’, the users are in grey background color, which also indicates that the user are local and not from an outside domain.
https://generalaudittool.com/wp-content/uploads/2017/08/close-up-of-executive-pointing-to-a-chart_1098-2704-1.jpg417626Dalal Alshohaibhttps://generalaudittool.com/wp-content/uploads/2018/08/optimized-and-compressed-GAT-Logos-Headerpng-47-1.pngDalal Alshohaib2019-04-04 18:00:282019-04-04 12:50:17Find Internally Shared Google Documents
Now click on the drop-down next to the folder name. Select the option “Apply permission change to this folder (recursive)”.
The recursive option will take our action and apply it through all of the subfolders as well. Now enter the new owner of the file. Also, make sure to remove the previous owner from the editor privilege access.
Note: When changing ownership in GAT+ the previous owner is added as an editor of his files so when changing ownership and you don’t want this to happen, make sure to remove them.
Once you have filled in the appropriate fields, send the request of, your security officer will then get an email to approve or revoke your permission change.
You can change the Admin logs for the stats of the ownership change.
The folder will appear on the new owners myDrive with the following format:
In the myDrive of the new Owner, you will see a folder containing multiple subfolders appear.
(Root Folder) with the name: File_Transfer_reference_number
The above structure accounts for files which were created by other owners which happen to be inside the folder which was transferred by the super admin. This is the most optimal way to retain a folder and subfolders structure taking into consideration that the folders may be owned by multiple users.
https://generalaudittool.com/wp-content/uploads/2018/05/analytics.jpg327500Enrique Gomezhttps://generalaudittool.com/wp-content/uploads/2018/08/optimized-and-compressed-GAT-Logos-Headerpng-47-1.pngEnrique Gomez2019-04-03 07:00:382019-05-09 16:34:45How to Change Ownership of an Entire Folder Tree on Google Drive
If you are using the New Google Sites you can view the Events for each Site.
In GAT+ Google Drive audit you can see all your Google Sites. In the below screenshot, we select “Sites” then select the “Events” tab at the top. That’s how you’ll be able to see all events concerning to your Google Sites.
Once the results are displayed you can export the data into a spreadsheet.
You can also select the Site’s title and view events individually. Just click on the Google Site then “Events” in the File details tab.
Doing that allows you to see how often your G Suite users access a site.
https://generalaudittool.com/wp-content/uploads/2018/11/shutterstock_254749639.jpg334500Dalal Alshohaibhttps://generalaudittool.com/wp-content/uploads/2018/08/optimized-and-compressed-GAT-Logos-Headerpng-47-1.pngDalal Alshohaib2019-03-28 15:36:462019-04-04 13:27:46See Your Users' Activity on Google Sites
Gmail Search is a live search for your entire domain. This allows G Suite Super admins to search for any piece of text in any email in any mailbox across the domain. As long as the email is not permanently removed from the bin folder, Gmail Search can find it.
Note: this process may take a long time if you are searching through many accounts at the same time.
To start a live search to find emails from one user’s account, click on Search through messages.
Now in the Query box enter some limiting search operators to narrow down the possible results which are returned. In the below example I made sure to search through all folder structures across Gmail by using in:anywhere but I made sure to ignore Google Meet/Hangouts chat records by using -is:chat. The (-) symbol excludes chat messages.
Enter which user you want to search through in the fields provided below the Query box. I searched through one users account. You can search through a whole group of users by entering a Google Group. Or you can search through an Org Unit and its Sub-orgs.
Now navigate the Recent tab, when the search has finished you can click on the green button, to show the result.
Once the results are displayed you can explore all the results returned.
Once the results are displayed you can explore all the results returned.
There are many things you can do from this point forward.
Send a request to your Security Officer to have permission to view/download and delete these emails
You can export the metadata to a Google Spreadsheet or CSV
https://generalaudittool.com/wp-content/uploads/2017/11/OE7CSE0.jpg8471000Dalal Alshohaibhttps://generalaudittool.com/wp-content/uploads/2018/08/optimized-and-compressed-GAT-Logos-Headerpng-47-1.pngDalal Alshohaib2019-03-26 01:38:472019-05-10 12:35:30Searching for Every Email in Users Gmail Account
In GAT+, it’s possible to export all your Google Groups including the full property list for each group. The exported spreadsheet can be updated and imported back in GAT+ to make multiple changes at the same time. Changing any collection of properties ‘in bulk’ is a powerful feature for bulk group management, in particular where you need to close down a particular access point.
Deleting Multiple Groups
An admin can delete and add groups via exporting and importing method. For example, you can select the Last used tab in the Groups audit. Using this section you can identify which Google Groups are no longer active or necessary. Maybe these groups are confusing your users by appearing as suggestions when composing emails.
Once you have a list of Google Groups you have identified as inactive and no longer necessary to have, go to the Groups tab. Then export the information.
Enter the generated Spreadsheet and delete the group you don’t need. Simply find the groups you want to delete, then remove the Group_ID and change the status from No to Yes under the DELETED column.
Then import the Spreadsheet back into GAT+.
Once you have verified the changes you’ve made, the groups will be updated and the selected groups will be deleted.
Creating Multiple Google Groups
Creating multiple groups with GAT+ is a similar process for deleting multiple groups. You will need to use the Export data and the Import data functionality. If you want to add a new group, add a new record to the spreadsheet and leave value under the ID column empty. This is because Google will automatically generate the ID of the new group. And under the DELETED column enter the value No.
Note: you can’t input the members/managers of Google groups in this spreadsheet. You can do that in the User audit section using it’s own specific Export data/Import data functionality.
https://generalaudittool.com/wp-content/uploads/2018/02/Click-export-.jpg6671000Dalal Alshohaibhttps://generalaudittool.com/wp-content/uploads/2018/08/optimized-and-compressed-GAT-Logos-Headerpng-47-1.pngDalal Alshohaib2019-03-26 01:38:412019-05-09 16:29:29How to Export and Update Your Google Groups
GAT Unlock is the most sophisticated security management mechanism for Google Apps available today. It works on the principle that access to documents, or change of ownership of documents, without the owner’s knowledge or permission can only be accomplished with the active input of at least two people in the organization. One of these will be the requestor who must be an Administrator, the other a Security Officer (or Verification Officer), who must be identified and verified through a senior executive in the organization.
This is an extra service on top of all GAT versions and for non-education domains comes with a limited cost. All license types must apply for this service if they require it. It does not automatically install nor can it be self configured.
Because of the sensitivity of documents held in the cloud ‘Unlock’ can not be self enabled and is available ‘on trial’ only by special request.
From introduction the service will be visible to domains and each domain Admin can apply to have it enabled. To avail of this service please email firstname.lastname@example.org with your request. The requesting email must contain the following 4 items.
The contact details of the Google Apps Administrator applying.
The name of the Security Officer(s), her/his position(s), email and phone number.
The contact details (email and phone number) for the person from whom the GAT team must seek confirmation before enabling this feature (See list below for minimum level of organization officer we expect to have to request approval from. Please send us their full contact details also and inform them they may receive contact from us.) This is required to verify the separate identities of both the Administrators and Security Officers.
The PO details for the requested service, see price list below. (Not required for education domains that have purchased GAT.)
There can be many Security Officers, and the service will be available to all Super Admins once enabled.
Administrators and Security Officers should remember the verification process is there to protect you, your domain data and your user’s privacy and rights, while also enabling you to act in the organization’s best interests.
When the ‘GAT Unlock’ service is enabled Administrators can generate access or change requests, but only Security Officers can approve them. An individual can be a member of both lists but cannot approve their own requests. The Security Officer list for all domains is maintained by GeneralAuditTool.com staff. A Security Officer can not generate a change or view request and have it approved by another Security Officer.
Why all this effort? We really respect your data security. We respect your company’s right to be protected. This is the highest security model available within the Google for Work environment.
‘GAT Unlock’ pricing and approval authority needed
From September 1st, 2016, GAT Unlock will be bundled at no extra cost for educational domains who subscribe to GAT+ Email at the educational rate of $0.50 per user per year.
How to use GAT Unlock
File Management – Changing ownership or file access rights
GAT Unlock is tightly integrated with the powerful search and filter options available in GAT+. This means you only have to do things once.
In this example we are going to find all the spreadsheets owned by the group ‘sales’ that are shared externally, then we will remove the external sharing and change the ownership (on all the selected files at once).
TIP: Always narrow the file request with a search first – saves time and makes approval simpler.
Step 1: Click on the ‘Apply custom filter’ button in Drive Audit.
Step 2: Select the following option:
For the filter type select User/Group/OU search, we will enter the ‘Sales’ group in this field ‘Local User/Group’, make sure to enter the full email address.
Click the checkbox option ‘Owned’, this will show all the files owned by ‘Sales’ group. Otherwise, it would show all of the files associated with ‘Sales’ group, were Sales shows up as Owner, Editor or Reader.
In the filter definition area, select the parameter Type equal to Spreadsheets and to add another search parameter click on ‘Add rule’ button and select ‘Sharing Flag’ to ‘Shared Out’. Selecting shared out will only focus on files leaving your domain.
Step 3: Next click on the ‘Toggle Selectable’ button, this will allow you to select files individually or all of them at the same time.
Note: You can not perform actions on a ‘Suspended’ account.
Step 4: Click on the button ‘File operation’ and then select the ‘File Management’ option.
Step 5: In this example, we are removing external access to the spreadsheets and making the manager the owner of all the files.
When you click on the ‘Send request’ button, an email is going to be sent to your security officer.
If the security officer approves your actions, they will be executed and you will be notified.
If permission is not granted by the security officer, you will also be notified and no actions will be taken.
Access Permissions Granted – How to silently copy or view files
We are going to use a powerful search feature inside of GAT+ Drive audit to identify the contents of documents we’re going to investigate. This feature is called the ‘File content text search’. It allows admins/delegated auditor to use a word or sentence to search through all of the files across the domain and to return documents which contain them.
Step 1: Click on the ‘Apply custom filter’ button.
Step 2: Enter the word or sentence to return files which contain them. Select the user’s account you want to search through you can leave this field blank to search your entire domain’s Drive or enter a user, Google Group or Org Unit to search through them only.
You can also use multiple rules in the definition section of the Apply custom filter. I used the Updated search parameter. Once you click on Apply button the search will begin.
It will take a few minutes depending on how many files you have across your domain.
Step 3: Select the files you are interested in, remember that these files contain the sentence “private and confidential”.
Step 4: Click on the ‘Files operation’ button and then select ‘Access permissions granted’.
Step 5: Next we will select a date in the future, we will have access to these files until this date. You have an option to write to your security officer explaining why you need access to these files.
Send the request to the Security Officer(s) for approval.
The following email will be sent to the Security Officer.
The Security Officer can click on the link in the email and will be taken to the approval area(Grant) in GAT+.
When the Security Officer grants access an email will be sent to the requesting Administrator/delegated auditor informing them. The Administrator from the ‘Access permission granted’ menu can see the full list of their access requests along with the time left for each request to remain valid.
Once the request is selected, the requestor can download documents or view the contents silently without the owners’ awareness.
Pre-approved Access for Admins to all Files for a range of Users
If your Super admins wish not to get Security Officer approval every time they want to make file permission changes or to view file contents, a security officer can give them pre-approval.
In the Security Officer section on the GAT+ sidebar menu, select ‘Pre-approved Access’ and then click on ‘+’ button to add a new pre-approved admin.
Once clicked a new ‘pop-up’ screen will appear.
Here the security officer can add the email address of the Super Admin, the OU over which they will have access, they can select a full OU tree and set approval access until a certain future date. In the above screenshot, I gave Anna (super admin) access to the entire organisation because I selected / and I covered the Sub-Org Units as well.
Multiple different grants can be given by the security officer, including several to the same Super Admin, each covering different scopes.
Changing Ownership of an entire folder tree
Another feature of ‘Unlock’ is that it enables an often requested task of moving an entire folder tree, root folder and sub-folders, from one or many owners to a new owner.
This task is completed with the File Management tab. Use the drop-down menu button next to the folder name to see the options. Click on ‘Apply permission change to this folder (recursive)’. When the File Management option menu appears enter the new owner’s email address. And make sure to remove the previous owner as editor.
Note: When changing ownership with GAT Unlock the previous owner is added automatically as an editor to the files he owned prior to your changes. Make sure to enter the previous owner into the field ‘Remove following users as Editors’ if you don’t want them to have that privilege by default before sending the request to your Security Officer.
This is an ideal feature for consolidating a shared folder structure, or handling leaving staff or students.
Delegating Access to an email account
GAT+ allows Admins to delegate access for a User account to another User for a certain period of hours. This may be for business purposes but it is also facilitates the fast search and viewing of all the account emails via another user’s browser.
BEFORE USING: Please ensure email delegation is allowed for users in your domain. Go to the G Suite Admin Console and under Apps > G Suite Apps > Settings for Gmail check if the email delegation box is allowed for your domain.
In the Email Info Tab, select any user and click on the Actions button to add an email delegate to their account.
You have the ability to remove existing mail delegation which are already in place as well.
Here the Admin can select the account they wish to gain access to, then select the account they want to give this access to and finally select the number of hours they would like delegated access to be granted for. Once the request is sent, the Security Officer will still have to approve before the delegation is created.
Once granted the delegated account appears in the accounts drop down list when the profile picture is selected in Gmail.
The delegation will automatically be revoked after the requested time period.
Note: If during the period of delegation, the account under audit, logs into their Google account and goes to their email settings, then under ‘Accounts’ the account owner will see that the Admin has granted delegated access to the account.
In addition if the delegated user reads any unopened email in the audit account, this email will be marked as ‘read’.
Deleting Spam, Inappropriate or Accidental Emails
There are multiple reasons to have the ability to identify and remove emails which have been received by all or any of your domain users. Here are some unwanted scenarios:
An email is sent to the wrong user or group
An email contains inappropriate content
An email that contains sensitive information
An email which has gone past spam filtering or is a phishing email.
GAT+ allows Admins to delete these emails from all accounts at once.
We recommend using ‘Gmail Search’ for tracking down these emails. It is a ‘real time’ search that is highly configurable (see ‘search tips’ link beside the search box). In the screenshot above we use the example search parameters
“SEO proposal” in:anywhere newer_than:180d”
This tells GAT+ to search in all folders, for all users and look for emails that contain the words “SEO proposal” which are also newer than 180 days. When the results come back, click on ‘Apply’.
Next, select the ‘Toggle Selectable’ button and select the emails you wish to view/download/delete.
Once the emails are selected, click on the ‘Access permissions granted’ button and send a request to your SO (security officer). Your SO will have to approve your request.
Before sending the request if you intend to delete the emails rather than just view or download them then check the ‘Request permission to remove’ box.
After doing that hit ‘send request’ and wait for approval to be returned from the Security Officer.
Once you have received an approval email, remember to refresh the list within the ‘Access permissions granted’ and click on the ‘Activate grant’ to display just your selected emails.
You can then delete one or all of the emails using the drop-down option in the Emails Operation button.
By default, you can send the emails to user’s trash folder on their Gmail but if you wish to permanently delete these emails then select ‘Delete permanently’.
In future when you search for these emails they will still be listed in our database but they will have a bin icon next to the subjects.
Pre-approved Access for Super Admins to all Emails
To enable pre-approval for Super Admins navigate to the Configuration section of GAT+ and enter the security officer area.
Once there click on the Pre-approved Tab and click on the plus icon “Add new pre-approved access”.
Your security officer will have to select you (super admin) to have pre-approval over users across your domain.
This is ideal for situations where Admins do not need to get constant approval to view/download or remove emails. An example would be in an education domain where the Super Admin would have full open access (view/download or remove emails) for all Student OU’s but would still have to get selective approval from the security officer to access an in the Staff or HR OU.
For a single OU level add a value like /Staff (Note, this will not grant access to the OU /Staff/IT unless “Sub Org. Units equals Yes!).
In the above screenshot I put Anna (Super Admin) to have pre-approved access to the entire domain by select / for the Org Unit and I made sure to cover all Sub-Org Units. / means the root User Org. Unit. She has access to remove and add email delegations as well because I enabled the last two option which are “Can remove?” and “Can add email delegation”.
The Admin should now see something like this when they click on ‘Access permissions granted’ in Email audit.
Every time admins enter the Email audit area they need to apply the Granted pre-approval privilege then carry out the search for the email(s) in question and next to each email there will be an action column visible.
Bulk Download or View Email Contents
The global live email search is under the ‘Gmail Search’ tab within email audit.
Here you can search for all the emails sent to or from a particular user on your domain. (You can also search for emails associated with groups or OUs of users.) The search can also take many flags, for example you could search for email sent to a particular user that was ‘Unread’, click on ‘Search tips’ to open a new page with all the flags you can use.
Because the entire domain is searched, it may take some time unless you narrow down the scope in which case I’m doing in the above screenshot. I narrowed down the search to a specific Google Group. The above example will look for all emails older than 1 day and that have been opened.
When the search is finished you can click on ‘Apply’ to see the table of the results.
When the results appear select some or all emails in the result table by using the ‘Toggle Selectable’ button then click on the Email Operation drop-down menu and click on ‘Access permissions granted’.
Click on ‘New Request’ to send this search to a Security Officer for their approval to allow you to read or download copies of these messages. Decide for how long you want to have access to these emails and enter a custom message to your Security Officer with your request.
The Security Officer will receive an email detailing the the access request being made. They can click on the link in the email to approve.
Once approved the Super Admin will receive an email in return notifying them of the SO decision.
It will look like this.
Once you receive this email, refresh the Current request list to see access grants that have been changed from pending to granted. These requests will now have a check mark beside them. Click on ‘Activate Grant’.
Each email can be read or downloaded individually by clicking on the Action button beside them.
To download all the emails select the ‘Toggle Selectable’ button and click on the top checkbox which will select every email within the result table. Right next to the ‘Toggle Selectable’ button click on ‘Email Operations’ drop-down menu and click on Download e-mails.
Downloading individual emails will occur almost instantaneously. Downloading all the emails takes some time. We have to retrieve the emails and add them to a zip as PDFs. Allow about 10 minutes for every 100mb of emails. To make it efficient we will create the download zip file on one of our servers and will create a link for you to bring down the zip to your own PC or server.
A password is generated and sent to your email address, use this password to be able to view the contents in the zip file because all of the PDFs will be password protected.
If the download is big, you can complete other audit tasks or grab a coffee. When you return to GAT+ go to the Admin Log in the Configuration section.
Non-Super Admin Auditors
This feature is ideal where Super Admins want to delegate the audit function to local managers or regional security personnel. GAT+ allows anyone to audit any range of users based on the model of Google Groups, Google Classrooms, and Org Units. It does not require passing on Google Admin authority. Selected auditors can have audit rights over individual users, Google Groups or Org Units. This allows you to have multiple auditors for a specified scope.
Auditors will have access to the auditing areas of GAT+ but will not have access to the Configuration sections.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
Essential Website Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, you cannot refuse them without impacting how our site functions. You can block or delete them by changing your browser settings and force blocking all cookies on this website.
Google Analytics Cookies
These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.
If you do not want that we track your visist to our site you can disable tracking in your browser here:
Other external services
We also use different external services like Google Webfonts, Google Maps and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Vimeo and Youtube video embeds: