[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Exchange 2007 logging

Posted on 2010-09-20
4
Medium Priority
?
1,354 Views
Last Modified: 2013-12-04
I want to log if someone is granting himself access to someone's Exchange 2007 mailbox.

If he loads the Exchange Management Console, expands Recipient Configuration, selects Mailbox.  He right clicks on a user, selects Manage Full User Permission and adds himself.

How do I log this?
0
Comment
Question by:magnusthorne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 9

Expert Comment

by:esmith69
ID: 33720047
Adding the permissions via the Exchange Management Console is definitely not the only way to grant those permissions.  It can be done via the PowerShell as well.

Here is a similar EE post about how to do this.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23391043.html


I guess there's not a lot of capabilities to easily do this that are built in to Exchange.  Seems like there's lots of 3rd-part software that might do it...
0
 
LVL 1

Author Comment

by:magnusthorne
ID: 33720501
http://www.msexchange.org/articles_tutorials/exchange-server-2007/compliance-policies-archiving/exchange-2007-mailbox-access-auditing-part1.html

I enabled some logging as mentioned in the above link.  However, when I click on Exchange Auditing in Event Viewer, it says "Unable to complete the operation on "Exchange Auditing".  Access is denied.".  I'm logged in as the domain administration.  Did I turn off auditing?
0
 
LVL 12

Accepted Solution

by:
GusGallows earned 2000 total points
ID: 33743532
I don't think Domain Administrator has sufficient rights on Exchange. You need to make sure you have the appropriate exchange role enabled for your account before turning on that level of auditing.

I believe you could do it if your account had either Exchange Server Administrator (Has to be set for each server), or Exchange Organization Administrator.

Those roles are assigned in the Exchange Management Console under the Exchange Organization tab.

0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question