vic14
asked on
How can i audit email accouts for users .....500 point
Can any ony one assist me on this.
I will like to find a way how can i set audit in user mailboxes , It seems that some one here is viewing email that belong to different users.
How can i do it? or do you know a good well software that can do it for us.)
I will like to find a way how can i set audit in user mailboxes , It seems that some one here is viewing email that belong to different users.
How can i do it? or do you know a good well software that can do it for us.)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Then at the server level in Exchange System Manger you can enable Diagnostic Logging -> MSExchangeIS -> Mailbox -> Logons -> and set the level to something besides None.
ASKER
HI thank for comment.
i guess that will create a log in event viewer . BUt it doesnot show the elegal accions like if a particular person logged in to a different email account and view it emails. How can i do this?
i guess that will create a log in event viewer . BUt it doesnot show the elegal accions like if a particular person logged in to a different email account and view it emails. How can i do this?
Look in the logs, or filter the logs, for event ID 1016.
Unfortunately you can't get the granularity that you desire. Access to another person's calendar to invite them to an appointment should generate a 1016...and that is allowed in most environment.
The link to KB867640 is a great link.
The link to KB867640 is a great link.
ASKER
Just one more last q.
What are changes that the log is not acurate?. i said that because i found a log that show that user A loged it to user B.
if this happened then i need to prove that . how can i do it.
if some open my share calendar, meeting notes. etx, does it will generate the same log.?
Im currently testing but can you let me know.
thanks.
What are changes that the log is not acurate?. i said that because i found a log that show that user A loged it to user B.
if this happened then i need to prove that . how can i do it.
if some open my share calendar, meeting notes. etx, does it will generate the same log.?
Im currently testing but can you let me know.
thanks.
The log is accurate, based upon what I could tell. As I noted earlier, accessing a calendar to invite someone to a meeting will generate the 1016.
What I have found is that asking, or having HR ask, why someone accessed someone else's mailbox will generally cut out that access. Granted, this makes it a bit difficult if the password is compromised.
What I have found is that asking, or having HR ask, why someone accessed someone else's mailbox will generally cut out that access. Granted, this makes it a bit difficult if the password is compromised.
ASKER
but the log i got is a 1013 ,1016 .
So now, im not sure if user_a acces it to user_b email and view.
thiss is the fist log i got event viewer 1013
Windows 2000 User xdomain\user_a logged on to user_b@domain.com mailbox, and is not the primary Windows 2000 account on this mailbox.
For more information, click http://www.microsoft.com/contentredirect.asp.
and this is the second event i got 1016
xdomain\user_A was validated as /o=domain /ou=xdomain/cn=Recipients/ cn=user_A and logged on to /o=domain/ou=xdomain/cn=Re cipients/c n=user_b on database "xdomain Email Store A\Executive Mailboxes".
So now, im not sure if user_a acces it to user_b email and view.
thiss is the fist log i got event viewer 1013
Windows 2000 User xdomain\user_a logged on to user_b@domain.com mailbox, and is not the primary Windows 2000 account on this mailbox.
For more information, click http://www.microsoft.com/contentredirect.asp.
and this is the second event i got 1016
xdomain\user_A was validated as /o=domain /ou=xdomain/cn=Recipients/
Why don't you just remove the permissions this user has? If he/she is not supposed to be accessing the mailboxes then remove the permissions.
What you posted is as granular as the log gets.
ASKER
Thanks a lot for you help FlyGuybob,
I guess whats happen here is that i dont want any admi to log to the user_ A email so I will need to enrcypt the mail box so only he can access using the personal key or password besides the netwo autentication credentials.
I look on pgp but this will not help us.Because pgp will will not ecrypt email for user that doesnot have pgp do you knwo a program that i may need to acomplish this.
thanks
Victor
I guess whats happen here is that i dont want any admi to log to the user_ A email so I will need to enrcypt the mail box so only he can access using the personal key or password besides the netwo autentication credentials.
I look on pgp but this will not help us.Because pgp will will not ecrypt email for user that doesnot have pgp do you knwo a program that i may need to acomplish this.
thanks
Victor
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.