I have a domain admin that I suspect is chaning things on exchange and OWA (on the same server). Long story short. I fixed the issue with only having to enter in username and password only in OWA instead of domain\username. This worked fine for quite a while until I brought up this fix in a meeting. The admin in question said it wouldn't stay fixed and wanted to implement forms based authentication. (we're not ready to go that way yet, eventually we will). Not more than an hour later, it "mysteriously" reverted back to domain\username in OWA.
How would I go about auditing any changes made to the network, exchange, and any other servers, when the admin is logged on? I really need some help on this and fast.