[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 800
  • Last Modified:

Determine what IP address has accessed Exchange 2007

One of my clients is concerned that some sensitive information has leaked from the CEO's email in the past few months

 Is there a way to determine what IP addresses have connected to the Exchange 2007 server?

The person who got in would probably have known his password.

I will go through the IIS logs, but are there also logs for IMAP and Active Sync?

0
dan_computerx
Asked:
dan_computerx
  • 2
1 Solution
 
losipCommented:
Access via OWA will be logged in the IIS logs - by default at C:\Windows\system32\LogFiles\W3SVC1.

I don't suppose the CEO lost his BlackBerry in the past few months?

By default, IMAP logging is disabled.  It's a bit late now but see this article how to enable it: http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-exchange-server-2007-log-files-part2.html
0
 
dan_computerxAuthor Commented:
The answer didn't tell me anything I didn't already know, but I don't think there was a good answer.
0
 
dan_computerxAuthor Commented:
I forgot to mention.  Active Sync goes through IIS, as does Outlook Anywhere.  I should have remembered that; I had to raise the TCP timeouts on the firewall to avoid errors.  I just didn't think of it with management breathing down my neck.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now