Turn up logging on the Directory and Information Store. Also, make sure account auditing is turned on in the domain...
-----Original Message----- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 04, 2004 6:15 PM To: Exchange Discussions Subject: Security permissions in Exchange 5.5... Environment: OS: Win2k SP4 with all critical patches Exchange: 5.5 SP4 Problem: I need to monitor when and where a certain person in our company is granting himself permissions to the Exchange organization. There are two Domain Admins with permissions to the system, the Exchange service account, the backup account and the Help Desk guys with View Only permissions. He would have to hack one of the account passwords to add himself back to the system. This is the second time this individual has added himself to the Exchange Org with service account level privileges, throughout every level of the org. Where would I go to increase the security logging of the Exchange system? The only place I can find to increase the levels of Exchange's logging of permissions, is in the Servers container and below. I could increase the logging for: Servers MSExchangeDS Security Directory Access MSExchangeIS Public Access Control Private Access Control MSExchangeMTA Security Directory Access However, I want to be able to log being added to the site and organizational levels as well. Is there any way to do this? Can you point me to some reading? Thanks, Jim Blunt _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
