• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2914
  • Last Modified:

Exchange mailbox permissions auditing

We have an administrative level user that may be doing a bad thing...specifically, granting herself full mailbox access to other users mailboxes and then (we are guessing) reading their email.

We need to prove this if this really is happening.

The environment is Windows 2003 (with AD) and Exchange 2003.

Thus, is it possible to set up auditing to watch for this specific behavior and show what is happening and by whom?  We do not want to stop it just yet, but record the activity.

Thanks in advance.
2 Solutions
Toni UranjekConsultant/TrainerCommented:
Hi dasmail2000,

It's possible, but you have some reading to do first:
How to monitor mailbox access by auditing or by viewing Mailbox Resources in Exchange Server: http://support.microsoft.com/kb/867640
How to assign service account access to all mailboxes in Exchange Server 2003: http://support.microsoft.com/default.aspx?scid=kb;en-us;821897 <-- to understand involved permissions
Complete tutorial: http://www.msexchange.org/tutorials/Auditing-Mailbox-Access-Exchange-System-Manager-Event-Viewer.html

dasmail2000Author Commented:
I split the points as you two were both right on the money with your identical answers.  Usually it is a first come first serve, but you guys were a mere three minutes apart so I split them.

Hope that is agreeableto you both.

And thanks a ton for the quick and accurate replies.
I'm not sure this solution really is all that helpful. The auditing described shows if a user accessing an Exchange account other than their own, but doesn't specify the *folder.* A user could be legitimately accessing someone else's calendar and it will show up.

Is there a way to actually show that a user viewed another's *inbox* vs. simply queried their calendar?

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now