Exhange Logs

[billberge]

Hey, Does anyone know if Exchange 2007 logs when an admin changes a mailbox user full access permissions?

 

[Zelandakh]

Depends on the log settings. Why?

 

[billberge]

We have had some leaks about company information. We feel that either a helpdesk tech or another admin might be granting themselves permissions to some c-level mailboxes and reading emails.

 

[Zelandakh]

So you can't exactly ask them to increase log settings to max and ask them to watch for admins granting themselves access. Interesting position...

 

[billberge]

Yes. You see my dilemma. Which log setting would need to be set? I’ve already changed this one Set-EventLogLevel "MSExchangeIS\9000 Private\Logons" -Level Expert.” Didn’t give me what I was looking for. Any recommendations?

 

[baddos]

In group policy try this:

Computer Configuration
> Policies
> Windows Settings
>Security Settings
>Local Policies/Audit Policy
Audit account management Success, Failure


I'm not sure if this will do what you want, but you can try it out.

 

[billberge]

Thanks for the suggestion baddos. Still not giving me what I'm looking for. I'll keep searching.