purejamie
asked on
Unauthorised mailbox access Exchange 2003
Hello all,
We have a situation in our company where it seems an admin may have been abusing his priviledges and accessing other peoples email accounts.
I'm no expert but have been tasked with collecting as much evidence and logging as possible from the server to try and prove the claims. I understand there are some events posted in the event log, but is there anything else I can save? Is there anything I can pull from the domain controllers (apart from login events). I'm not sure of the logging on the server but if there is anything we can check then I would appreciate someone highlighting for me!
Thanks,
PJ
We have a situation in our company where it seems an admin may have been abusing his priviledges and accessing other peoples email accounts.
I'm no expert but have been tasked with collecting as much evidence and logging as possible from the server to try and prove the claims. I understand there are some events posted in the event log, but is there anything else I can save? Is there anything I can pull from the domain controllers (apart from login events). I'm not sure of the logging on the server but if there is anything we can check then I would appreciate someone highlighting for me!
Thanks,
PJ
Simple change your admin if you don't trust him.
Domain admin always win in any chalenge.
Domain admin always win in any chalenge.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I Have to agree with morpheios here, as an admin you are charged with some very serious security stuffs, if you even have a hankering that your admin is off you should change him.
abuse of an admin account is very serious indeed.
abuse of an admin account is very serious indeed.
ASKER
Complete
http://www.msexchange.org/tutorials/auditing-mailbox-access-exchange-system-manager-event-viewer.html