• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 179
  • Last Modified:

How can I determine if a user in Outlook accessed a particular Shared Inbox?

Is there a way to determine by analyzing files on an end user's machine if a particular shared inbox in Exchange was opened via their Outlook client?  The Exchange server provided by our vendor does not offer any access logs for us to review, and we want to find out if a user accessed a particular Inbox of another user.  We found that the user had access to the inbox and was not authorized.  The permissions have since been updated but we are trying to review the extent of the damage.

1 Solution
There is nothing on the workstation that will log things.
The server does log access to other mailboxes.

In C:\Documents and Settings\<user login name>\Application Data\Microsoft\Outlook
There will be files named:

I do not think this will be very conclusive because
1- It does not tell you what has been changed
2- You can name a profile whatever you like (i.e. I can log in to boss's mailbox and use janitor's name as profile)
3- The bad guy might have used OWA

Another longshot, If the 'bad guy' happened to open Outlook in cache mode there will be files in:
C:\Documents and Settings\<user login name>\Local Settings\Application Data\Microsoft\Outlook

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now