<div>
Geez... what a typo... I meant to say, you should turn UP event logging, not off...<br />
-rich
</div>


Geez... what a typo... I meant to say, you should turn UP event logging, not off...
-rich

<div>
Thanks. I will try out the snare program. &nbsp;I want to nail this weasel to the wall.
</div>


Thanks. I will try out the snare program.  I want to nail this weasel to the wall.

<div>
M$ doesn't keep track of IP's but does use machine names. You may consider using the firewall in 2003 to log ip's, or getting a firewall like zonealarm pro that can also log access via ip.<br />
-rich
</div>


M$ doesn't keep track of IP's but does use machine names. You may consider using the firewall in 2003 to log ip's, or getting a firewall like zonealarm pro that can also log access via ip.
-rich

<div>
<div class="content wysiwyg-content">
I have a domain admin that I suspect is chaning things on exchange and OWA (on the same server). &nbsp;Long story short. &nbsp;I fixed the issue with only having to enter in username and password only in OWA instead of domain\username. &nbsp;This worked fine for quite a while until I brought up this fix in a meeting. The admin in question said it wouldn't stay fixed and wanted to implement forms based authentication. (we're not ready to go that way yet, eventually we will). Not more than an hour later, it &quot;mysteriously&quot; reverted back to domain\username in OWA. &nbsp;<br />
<br />
How would I go about auditing any changes made to the network, exchange, and any other servers, when the admin is logged on? I really need some help on this and fast.<br />
<br />
thanks
</div>
</div>


I have a domain admin that I suspect is chaning things on exchange and OWA (on the same server).  Long story short.  I fixed the issue with only having to enter in username and password only in OWA instead of domain\username.  This worked fine for quite a while until I brought up this fix in a meeting. The admin in question said it wouldn't stay fixed and wanted to implement forms based authentication. (we're not ready to go that way yet, eventually we will). Not more than an hour later, it "mysteriously" reverted back to domain\username in OWA.  

How would I go about auditing any changes made to the network, exchange, and any other servers, when the admin is logged on? I really need some help on this and fast.

thanks

Auditing domain admin's actions on exchange/OWA  settings

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.