Checking what exchange mailbox have been accessed by an account?
Posted on 2012-03-27
I am the lone system admin at my company looking after all the desktops/servers/network etc. A few weeks ago I took some vacation so my boss asked me to create a temp admin account for one of the more technical users here so if they needed to logon while I was away to reset passwords etc they could.
No worries there, but when I came back I noticed that person had decided to email the main password file which they were given access too, around to some of the developers as they wanted to make some changes!!! This pee'ed me off, but as I get zero backup when I tackle these issues I let it slide, but today I found something which has worried me.
I added a new mail account into Exchange and when I was looking at the permissions I noticed this temporary admin account had inherited Full Access rights?!?! I did some digging and yep this temp account I created has been given Full Access rights at the top level, so they can open up any mailbox in my company! I had disabled the account when I came back in so nothing has been accessed since, but someone has given this account access to everything and I want to find out who and what was accessed.
I have Exchange 2003 but don't know how I would go about finding what this account would have access during the period I was away, specifically what mailboxes have been opened up with it! Any help on this please?