How can I audit who has been reading other users' e-mails?

Posted on 2007-11-26
Medium Priority
Last Modified: 2010-03-06
Dear Folks,
In my organisation, we are running Exchange 2003. Recently I noticed that one of the junior systems administrators has put his user account in the security of other key director accounts (i.e. in AD, when I checked the directors' account properties, under the Security tab, his account was there and had all the permissions to the directors' mailboxes). We thought of pulling him in and asking what his account is doing inside other directors' mailboxes, but one of the directors has suggested that we actually try and audit to find out what he is up to and what exactly he has been doing in these users' mailboxes.
The problem is we don't know where to set up this auditing. Please help.

Question by: Ogdhelpdesk
LVL 13

Accepted Solution

cshepfam earned 1000 total points
ID: 20349731
LVL 35

Assisted Solution

rakeshmiglani earned 1000 total points
ID: 20349738
LVL 104

Expert Comment

ID: 20349929
You can only audit access, not down to message level. If the access is regular then that admin should be updating their CV about now.

LVL 22

Expert Comment

ID: 20349935
Just curiously, what perms did the user have?

Running tools like Exmerge requires specific rights like send-as and receive-as.

Author Comment

ID: 20355564
Every single box is ticked for the user (complete full control). And why would he need to run this tool as himself on the Exchange server? We all log in to the Exchange server with the admin account. Finally, the sys admin is not the person who would normally administer our Exchange.


Question has a verified solution.
