Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Tracking IP address and eventually the user who is logging into Outlook e-mail via OWA

Posted on 2007-11-24
8
Medium Priority
?
872 Views
Last Modified: 2008-02-01
Hi,
We have staff logging into e-mail via Outlook web access.  I've read that you can track who is logging in by tracking their IP address.  Is this tracking automatic or does it need to be turned on?  Does the log show the IP address and does that alone help figure out who is logging in and from where or other there other steps that need to be taken to identify unauthorized people who should not be getting onto our system or to someone elses e-mail if they are a valid user.

Thanks
0
Comment
Question by:slnewt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 750 total points
ID: 20344227

The OWA logs are stored here: C:\WINDOWS\system32\LogFiles\W3SVC1

I know of no MS utility to track by IP but maybe someone knows of a 3rd party app.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 750 total points
ID: 20344557
The only logging is what is available in IIS logs. Nothing in Exchange logs the access. However as they are standard IIS logs, any decent IIS log processing package will be able to process those logs, you may just have to tweak the reports they generate to give you the information you want.
You can modify what is logged by looking at the logging option in IIS Manager, under the default web site.

Simon.
0
 

Author Comment

by:slnewt
ID: 20344591
What program can I get to read the logs?  Also, more importantly can I tell who is accessing the e-mail so we know it is only the authorized person who owns the e-mail account.  For example if Joe is a staff member logging in but not to his accuont but into Mary's e-mail will I be able to find that out?
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 104

Expert Comment

by:Sembee
ID: 20344648
If the user has the credentials of the other account then that will not show in the logs. If you suspect that someone is using their own credentials to login to another account then why do they have permissions to that account? It is not default for users to be able to access other users mailboxes without being granted permissions.

IIS logs are very common - Google for them. There are free ones and there are paid for versions. You could also look at Microsoft's Log Parser tool but you have to build SQL type queries with that.

Simon.
0
 

Author Comment

by:slnewt
ID: 20344666
So basically if someone happens to know my password and gets into my account there is no way to know using the logs?  I thought the person's IP address would show up so I can see if it's me logging in.  So, if I live in San Francisco and log in versus someone who lives in Stanford I can at least tell it's not me logging in based on the location.  Can the log tell me that?

Is there a free version of the IIS log you would recommend or have used before?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20345512
The external IP address will be logged. However for geo information you will need to purchase a database or a product with the database integrated. Geo location from IP address is possible with most ISPs (not all) but I don't know of any free database that goes closer than country, certainly not to city or state level.

I haven't used any free IIS log processing tool enough to make a recommendation.

Simon.
0
 
LVL 16

Assisted Solution

by:2PiFL
2PiFL earned 750 total points
ID: 20345646
I use Wordpad's Find feature for the mailbox in question then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

It's free but is fairly accurate.
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 20345935

I should have said "I use Wordpad's Find feature for the mailbox in question then look up the IP address it was accessed from, then look it up here:

http://www.geobytes.com/IpLocator.htm?GetLocation

Also:

http://a2zinternet.net/ is a good site to get information on an IP address.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question