barnesm6
asked on
Monitor IP address of users accessing outlook web access
I suspect that someone has acquired the password for a users account on my server and may be using it to remotely access the persons email via Outlook Web Access. I have set the user up with a temporary new user account while I look into this as I do not want to reset the password effectively locking the suspect out until I know for sure that this is the case.
What I need to find out is if there is any way to log the IP address of users that are accessing OWA and also the date and time they accessed a particular account. We have a standard sbs2003 server.
What I need to find out is if there is any way to log the IP address of users that are accessing OWA and also the date and time they accessed a particular account. We have a standard sbs2003 server.
The IP address is already logged and would be found in C:\Windows\system32\LogFil es\W3SVC1
Jeff
TechSoEasy
Jeff
TechSoEasy
There are some reports you can run on a SBS2003 server that give you some kind of detail on OWA usage. I think its the Usage Report which tells you the number of times a user has access OWA and/or VPN. It gives you a chart showing the likelihood of time the user (all users) are trying to connect, but it will not show you the IP address of the user and the exact date and time. By the way tracking down the IP address may not be very useful - mind you anyone can access OWA from anywhere and even if user access from home they have dynamic IP address anyway.
ASKER
not all users have dynamic IP's from home but I appreciate what your saying, I am a home user with Plusnet and get a static IP as standard.
ASKER
I will check out the suggestions later this week and report back
barnesm6,
Despite you may hjave a static IP, most home users would be using dynamic IPs, and most important of all, OWA give users the chance to do email on the road. You can do email in an Internet Cafe, at a friend's home or using public computers at a library. So tracking IPs might not be useful - but of course thats up to you.
Despite you may hjave a static IP, most home users would be using dynamic IPs, and most important of all, OWA give users the chance to do email on the road. You can do email in an Internet Cafe, at a friend's home or using public computers at a library. So tracking IPs might not be useful - but of course thats up to you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ReadNotify sounds like a good possible solution. I haven't tried it yet but their web site states that it does record the recipients IP and it also works with browser and/or email software.
ASKER
Looks like a very useful system for tracking emails, nice features such as self-destructing emails, not got a use for that myself at the moment but sure someone would find a use for it: send your ex-boss a scathing email, that'll definately baffle him when it disappears from his mailbox, very well priced as well basic service $24 for 1 year.
Simon.