Determine what IP address has accessed Exchange 2007

One of my clients is concerned that some sensitive information has leaked from the CEO's email in the past few months

 Is there a way to determine what IP addresses have connected to the Exchange 2007 server?

The person who got in would probably have known his password.

I will go through the IIS logs, but are there also logs for IMAP and Active Sync?

dan_computerxAsked:
Who is Participating?
 
losipConnect With a Mentor Commented:
Access via OWA will be logged in the IIS logs - by default at C:\Windows\system32\LogFiles\W3SVC1.

I don't suppose the CEO lost his BlackBerry in the past few months?

By default, IMAP logging is disabled.  It's a bit late now but see this article how to enable it: http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-exchange-server-2007-log-files-part2.html
0
 
dan_computerxAuthor Commented:
The answer didn't tell me anything I didn't already know, but I don't think there was a good answer.
0
 
dan_computerxAuthor Commented:
I forgot to mention.  Active Sync goes through IIS, as does Outlook Anywhere.  I should have remembered that; I had to raise the TCP timeouts on the firewall to avoid errors.  I just didn't think of it with management breathing down my neck.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.