Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Checking whose logged onto a mailbox

Status
Not open for further replies.
FJC148

FJC148

Technical User
May 14, 2003
20
GB
We currently have Exchange 5.5 email server, with clients using Outlook.

Is there a way to check who has logged onto other users mailbox's?
 
Sort by date Sort by votes
It should show in the application log of the server that hosts your exchange server. You're looking for:

Source: MSExchangeIS Private
Category: Logons
Event ID: 1016

Cheers.
 
Upvote 0 Downvote
Also, the last account to log on to a mailbox is shown in the Mailbox Resources display of the Private Information Store.

Remember that there can be ligitimate reasons why NT accounts other than the Primary will register against mailboxes - delegate access and calendar views are legitimate and account for the vast majority of these events.
 
Upvote 0 Downvote
I recently had a meeting with my boss (the head of IT) and shortly before it I had found out that he had accessed my mailbox and the mailbox of the human resources manager. I had just sent the human resources manager an email asking for advice, and not wanting him to see it in my mailbox I had then deleted it from my system.

After studying the log I found that he had routinely checked the mailboxes of colleagues in my department, the CEO, the head of finance, and others. I can't speak for the others but my friend and myself gave him no permission to check our mailboxes. We also had no emails that could be considered in any way illegal, or given him cause to think that there were. There was also nothing in our calendars that he wasn't aware of, plus on the last occasion we were in the room with him when he had accessed them.

Does anyone know what the law US/UK law is on this, or do you have an opinion on the ethics of this.

Thanks

 
Upvote 0 Downvote
UK law is easy, if its in the company policy that you stuff can be monitored then TOUGH! If there is no warning to users that mail may be monitored then POW you got himon invasion of privacy.

Check out for more info.

Iain

P.S. Jus tbecause it shows event 1016 in the logs doesn't mean he has accessed it but can mean that he veiwed your calendar......
 
Upvote 0 Downvote
This area is a minefield - you should be careful about taking advice from people who aren't qualified to give legal opinions. The law does differ from country to country, and the right to look in company email can be affected by the contract you sign when becoming an employee, or the email/internet policy you agree to when given an electronic account.

has lots of information.

Does you boss have permissions on the mailboxes to allow him to open them? I would have thought that having this as the default situation would be asking for trouble. Better to restrict the permissions to just the individual users and the service account; and restrict knowledge of the service account password on a need-to-know basis.
 
Upvote 0 Downvote
fjc48 said:
...I had found out that he had accessed my mailbox...
Click to expand...

Its possible he was just accessing your calendar. Accessing any folder in Outlook generates the 1016 event stating that your "mailbox" has been accessed. If your boss doesn't have permissions on your inbox (check the permissions tab on the inbox properties and you'll see who has permissions to your inbox). It's possible that your boss is accessing your inbox some other way but I don't think accessing it through Outlook would be possible if he didn't have the permissions for it.

I see our receptionist logging onto my (and all other staffs') mailbox everyday, but she's just checking everyone's calendar for their appointments, etc.

Cheers.
 
Upvote 0 Downvote
I worked at a company where this was an issue and a fired employee tried to use this a legal recourse. It was by law, in US Massachusetts, that e-mail(just like any other peice of hardware or asset)belongs to the company and they can monitor at will with no prior notification. The law states e-mail as intellectual property and the company owns it. Even if you use say Yahoo or MSN for your e-mail, it can be monitored is you are checkig/viewing it on a company owned resource/PC. I have also had my e-mail checked by previous bosses and it can suck as you do feel kind of violated and that your privacy has been invaded but in reality, the bosses that did do that on a regular basis were not very good managers and this was only one of the symptoms that I had seen. Best to be careful when posting e-mails at work. Usually when I have something confidential, I usually put in a word document with a password on it and verbally give the password to the recipient.

Ok, now that has been said, does anyone know the equivalent of Event ID 1016 in Exchange 2000/2003? Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

BroBias
  • Locked
  • Question
mailbox databases dismounting frequently without followable reason
Replies
1
Views
1K
BroBias
BroBias
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
1K
Brent Fletcher
Brent Fletcher
david jackson
  • Locked
  • Question
Extract only the subject and recipients from a mailbox
Replies
0
Views
1K
david jackson
david jackson
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
2K
microsGuy16
microsGuy16
Satishkumar007
  • Locked
  • Question
Help needed to recover after complete site failure
Replies
0
Views
1K
Satishkumar007
Satishkumar007

Part and Inventory Search

Sponsor

Back
Top