Solved

Exchange 2007 logging

Posted on 2010-09-20
4
1,345 Views
Last Modified: 2013-12-04
I want to log if someone is granting himself access to someone's Exchange 2007 mailbox.

If he loads the Exchange Management Console, expands Recipient Configuration, selects Mailbox.  He right clicks on a user, selects Manage Full User Permission and adds himself.

How do I log this?
0
Comment
Question by:magnusthorne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 9

Expert Comment

by:esmith69
ID: 33720047
Adding the permissions via the Exchange Management Console is definitely not the only way to grant those permissions.  It can be done via the PowerShell as well.

Here is a similar EE post about how to do this.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23391043.html


I guess there's not a lot of capabilities to easily do this that are built in to Exchange.  Seems like there's lots of 3rd-part software that might do it...
0
 
LVL 19

Expert Comment

by:R--R
ID: 33720284
0
 
LVL 1

Author Comment

by:magnusthorne
ID: 33720501
http://www.msexchange.org/articles_tutorials/exchange-server-2007/compliance-policies-archiving/exchange-2007-mailbox-access-auditing-part1.html

I enabled some logging as mentioned in the above link.  However, when I click on Exchange Auditing in Event Viewer, it says "Unable to complete the operation on "Exchange Auditing".  Access is denied.".  I'm logged in as the domain administration.  Did I turn off auditing?
0
 
LVL 12

Accepted Solution

by:
GusGallows earned 500 total points
ID: 33743532
I don't think Domain Administrator has sufficient rights on Exchange. You need to make sure you have the appropriate exchange role enabled for your account before turning on that level of auditing.

I believe you could do it if your account had either Exchange Server Administrator (Has to be set for each server), or Exchange Organization Administrator.

Those roles are assigned in the Exchange Management Console under the Exchange Organization tab.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question