• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4153
  • Last Modified:

Monitor IP address of users accessing outlook web access

I suspect that someone has acquired the password for a users account on my server and may be using it to remotely access the persons email via Outlook Web Access. I have set the user up with a temporary new user account while I look into this as I do not want to reset the password effectively locking the suspect out until I know for sure that this is the case.

What I need to find out is if there is any way to log the IP address of users that are accessing OWA and also the date and time they accessed a particular account. We have a standard sbs2003 server.
0
barnesm6
Asked:
barnesm6
  • 4
  • 2
  • 2
  • +1
1 Solution
 
SembeeCommented:
The same way that you would look at any user web access - using the IIS logs. It should be enabled by default, you will need to use a third party tool to process the logs.

Simon.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The IP address is already logged and would be found in C:\Windows\system32\LogFiles\W3SVC1

Jeff
TechSoEasy
0
 
ormerodrutterCommented:
There are some reports you can run on a SBS2003 server that give you some kind of detail on OWA usage. I think its the Usage Report which tells you the number of times a user has access OWA and/or VPN.  It gives you a chart showing the likelihood of time the user (all users) are trying to connect, but it will not show you the IP address of the user and the exact date and time. By the way tracking down the IP address may not be very useful - mind you anyone can access OWA from anywhere and even if user access from home they have dynamic IP address anyway.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
barnesm6Author Commented:
not all users have dynamic IP's from home but I appreciate what your saying, I am a home user with Plusnet and get a static IP as standard.
0
 
barnesm6Author Commented:
I will check out the suggestions later this week and report back
0
 
ormerodrutterCommented:
barnesm6,

Despite you may hjave a static IP, most home users would be using dynamic IPs, and most important of all, OWA give users the chance to do email on the road. You can do email in an Internet Cafe, at a friend's home or using public computers at a library. So tracking IPs might not be useful - but of course thats up to you.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
If you really want to track whether someone is accessing a mailbox via unauthorized means, sign up with www.readnotify.com and send an email to the mailbox in question.  The tracking mechanisms which ReadNotify provides will let you see who's opened the email message each time it's accessed which may help you in tracking inappropriate use.

Jeff
TechSoEasy
0
 
barnesm6Author Commented:
ReadNotify sounds like a good possible solution. I haven't tried it yet but their web site states that it does record the recipients IP and it also works with browser and/or email software.
0
 
barnesm6Author Commented:
Looks like a very useful system for tracking emails, nice features such as self-destructing emails, not got a use for that myself at the moment but sure someone would find a use for it: send your ex-boss a scathing email, that'll definately baffle him when it disappears from his mailbox, very well priced as well basic service $24 for 1 year.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now