Link to home
Start Free TrialLog in
Avatar of al_ghamdi
al_ghamdi

asked on

exchange security.

Hi,
i have a situation, mix between active directry, exchange and security.

Server windows 2003 ENT.
exchange 2003 ENT.

it had been access one of the account, and send an email, its look like by OWA, because it had been sent at 04:00 am.

the user of thats email, telling that he didnt send thats email, and he claim that some one reset his password and send the email.

is there is any way we can trace reset password, or changing password???
and how can we make sure not the user sent thats mail, and change his password after that?

SOLUTION
Avatar of r-k
r-k
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of al_ghamdi
al_ghamdi

ASKER

Hello
the email had been sent from the server, because we found it in the sent item of thats account.

for thats i ignore the fake mail option.
:)
SOLUTION
Avatar of r-k
r-k
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of al_ghamdi
al_ghamdi

ASKER

i was checking deep, and i belive changing the password is registered in the event view in the domain controller, and i can see how thats user password had been changed,

if it had been changed my him self, it mean that he did it, and he is trying to play.

if one of the administrator did it, so we can see him, then he is the one playing in the network,

:)
correct me if iam wrong,!!!
ASKER CERTIFIED SOLUTION
Avatar of r-k
r-k
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of r-k
r-k
Thanks. Wish you success in your search :)