?
Solved

Exchange 2007 logging

Posted on 2010-09-20
4
Medium Priority
?
1,351 Views
Last Modified: 2013-12-04
I want to log if someone is granting himself access to someone's Exchange 2007 mailbox.

If he loads the Exchange Management Console, expands Recipient Configuration, selects Mailbox.  He right clicks on a user, selects Manage Full User Permission and adds himself.

How do I log this?
0
Comment
Question by:magnusthorne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 9

Expert Comment

by:esmith69
ID: 33720047
Adding the permissions via the Exchange Management Console is definitely not the only way to grant those permissions.  It can be done via the PowerShell as well.

Here is a similar EE post about how to do this.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23391043.html


I guess there's not a lot of capabilities to easily do this that are built in to Exchange.  Seems like there's lots of 3rd-part software that might do it...
0
 
LVL 1

Author Comment

by:magnusthorne
ID: 33720501
http://www.msexchange.org/articles_tutorials/exchange-server-2007/compliance-policies-archiving/exchange-2007-mailbox-access-auditing-part1.html

I enabled some logging as mentioned in the above link.  However, when I click on Exchange Auditing in Event Viewer, it says "Unable to complete the operation on "Exchange Auditing".  Access is denied.".  I'm logged in as the domain administration.  Did I turn off auditing?
0
 
LVL 12

Accepted Solution

by:
GusGallows earned 2000 total points
ID: 33743532
I don't think Domain Administrator has sufficient rights on Exchange. You need to make sure you have the appropriate exchange role enabled for your account before turning on that level of auditing.

I believe you could do it if your account had either Exchange Server Administrator (Has to be set for each server), or Exchange Organization Administrator.

Those roles are assigned in the Exchange Management Console under the Exchange Organization tab.

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month8 days, 20 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question