Is there any way to audit use of System Manager and/or Cluster Administrator? I have checked security settings in ESM itself: when I right-click on the Org and go to Properties, then select Security | Advanced | Auditing, I see an auditing entry that applies to All. All the access items within this entry that are checked (success & fail for: delete, change perms, take ownership, create children, delete children, add/remove self, write properties, delete tree, create public folder, create top level public folder, modify public folder admin ACL, modify public folder replica list, open mail send queue, read metabase properties, administer IS, create named properties in the IS, view IS status, receive as, send as) are inherited, though I don't know from what since this is the Org level. Anyway, despite all these checkmarks, my security logs don't record any of the above events.
Per Exchange 2000 Server 24seven, I audit AD logon events and AD account management, as well as logon events on the server. And I have message tracking enabled and keep 7 days of message tracking logs. None of the above tells me when somebody launched ESM and/or tried to manage the Exchange Server, which is what I'd really like to see.