Unauthorised mailbox access Exchange 2003

Posted on 2011-10-17
Last Modified: 2012-05-12
Hello all,

We have a situation in our company where it seems an admin may have been abusing his priviledges and accessing other peoples email accounts.

I'm no expert but have been tasked with collecting as much evidence and logging as possible from the server to try and prove the claims. I understand there are some events posted in the event log, but is there anything else I can save? Is there anything I can pull from the domain controllers (apart from login events). I'm not sure of the logging on the server but if there is anything we can check then I would appreciate someone highlighting for me!

Question by:purejamie
    LVL 5

    Expert Comment

    LVL 6

    Expert Comment

    Simple change your admin if you don't trust him.

    Domain admin always win in any chalenge.

    Accepted Solution

    Indeed - trouble is you can't change your admin without proof.

    I've looked at the article you posted before rajkr2020 - and have it covered as far as the simple logging is concerned (i.e. pulling the exchange event logs). I was just wondering if there are any under the hood tricks or additional logs I should be looking into whilst the case is pretty fresh.
    LVL 3

    Expert Comment

    I Have to agree with morpheios here, as an admin you are charged with some very serious security stuffs, if you even have a hankering that your admin is off you should change him.

    abuse of an admin account is very serious indeed.


    Author Closing Comment


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
    Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
    In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
    In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now