dasmail2000
asked on
Exchange mailbox permissions auditing
We have an administrative level user that may be doing a bad thing...specifically, granting herself full mailbox access to other users mailboxes and then (we are guessing) reading their email.
We need to prove this if this really is happening.
The environment is Windows 2003 (with AD) and Exchange 2003.
Thus, is it possible to set up auditing to watch for this specific behavior and show what is happening and by whom? We do not want to stop it just yet, but record the activity.
Thanks in advance.
We need to prove this if this really is happening.
The environment is Windows 2003 (with AD) and Exchange 2003.
Thus, is it possible to set up auditing to watch for this specific behavior and show what is happening and by whom? We do not want to stop it just yet, but record the activity.
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm not sure this solution really is all that helpful. The auditing described shows if a user accessing an Exchange account other than their own, but doesn't specify the *folder.* A user could be legitimately accessing someone else's calendar and it will show up.
Is there a way to actually show that a user viewed another's *inbox* vs. simply queried their calendar?
Is there a way to actually show that a user viewed another's *inbox* vs. simply queried their calendar?
ASKER
Hope that is agreeableto you both.
And thanks a ton for the quick and accurate replies.