Mailboxes: Audit access and check non-default permissions
Posted on 2011-09-23
I would like to get some suggestion about monitoring non-owners access to user mailboxes on Exchange 2010 SP1.
In most cases only users (should) have access to their mailboxes and I want to monitor if some unauthorized configuration changes or mailbox access have occurred.
On the server I have enabled Set-AdminAuditLogConfig, so every configuration change should be logged.
But here I need two more things:
- From EMS I would like to get the list of mailboxes which has (non-default) additional users added with full-access permissions set. How should look the command?
- Get things logged when non-owner get access to mailbox and just opens/reads mail. I'm not sure this is possible as MessageBind is not applicable for delegates.
Any other idea?