Solved

Exchange 2007 logging

Posted on 2010-09-20
4
1,347 Views
Last Modified: 2013-12-04
I want to log if someone is granting himself access to someone's Exchange 2007 mailbox.

If he loads the Exchange Management Console, expands Recipient Configuration, selects Mailbox.  He right clicks on a user, selects Manage Full User Permission and adds himself.

How do I log this?
0
Comment
Question by:magnusthorne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 9

Expert Comment

by:esmith69
ID: 33720047
Adding the permissions via the Exchange Management Console is definitely not the only way to grant those permissions.  It can be done via the PowerShell as well.

Here is a similar EE post about how to do this.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23391043.html


I guess there's not a lot of capabilities to easily do this that are built in to Exchange.  Seems like there's lots of 3rd-part software that might do it...
0
 
LVL 1

Author Comment

by:magnusthorne
ID: 33720501
http://www.msexchange.org/articles_tutorials/exchange-server-2007/compliance-policies-archiving/exchange-2007-mailbox-access-auditing-part1.html

I enabled some logging as mentioned in the above link.  However, when I click on Exchange Auditing in Event Viewer, it says "Unable to complete the operation on "Exchange Auditing".  Access is denied.".  I'm logged in as the domain administration.  Did I turn off auditing?
0
 
LVL 12

Accepted Solution

by:
GusGallows earned 500 total points
ID: 33743532
I don't think Domain Administrator has sufficient rights on Exchange. You need to make sure you have the appropriate exchange role enabled for your account before turning on that level of auditing.

I believe you could do it if your account had either Exchange Server Administrator (Has to be set for each server), or Exchange Organization Administrator.

Those roles are assigned in the Exchange Management Console under the Exchange Organization tab.

0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question