cknoderer
asked on
Auditing domain admin's actions on exchange/OWA settings
I have a domain admin that I suspect is chaning things on exchange and OWA (on the same server). Long story short. I fixed the issue with only having to enter in username and password only in OWA instead of domain\username. This worked fine for quite a while until I brought up this fix in a meeting. The admin in question said it wouldn't stay fixed and wanted to implement forms based authentication. (we're not ready to go that way yet, eventually we will). Not more than an hour later, it "mysteriously" reverted back to domain\username in OWA.
How would I go about auditing any changes made to the network, exchange, and any other servers, when the admin is logged on? I really need some help on this and fast.
thanks
How would I go about auditing any changes made to the network, exchange, and any other servers, when the admin is logged on? I really need some help on this and fast.
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. I will try out the snare program. I want to nail this weasel to the wall.
M$ doesn't keep track of IP's but does use machine names. You may consider using the firewall in 2003 to log ip's, or getting a firewall like zonealarm pro that can also log access via ip.
-rich
-rich
-rich