Thanks for the info. I was taking it with a grain of salt and will. I am in the middle of a security issue here, we are cutting off Admin access, I'm looking into giving rights to those certain few individuals need to have some sort of Admin access. I'll be sure not to let anyone get fired over the info logged in the Mailbox Resources. Thanks again.
-----Original Message----- From: Steve Balen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Administration logons This question raises some old debates on how reliable the "last logon" log really is as far as detecing unwarranted mailbox logons. Unfortunatly, because a number of valid reasons exist that could show an admin logging into someone else box, it is very hard if not impossible to determine if an admin is legitamatley logging into someomes mailbox or not. On the server side - if you have things like mailbox manager running, and it happens to connect via an admin account rather than using the service account, it will show upin the log. Also, if you touch a users mailbox via a mapi interface (like blackberry) it can show up in that log. If there is a special process or a schedule task that runs using an admins credentials, it can show up in the log. So you see where I am getting at with this. This has always been a sore spot as far as I am conerned with granting folks service adin privs to their own accounts rather than just sharing the service account password with anyone - this way it can be logged per person and not per the service account. Alo, enforcing policies such as no admins user account with service admin privs should be used for setting up software or acting as a scheduled tasks service account. It isn't a perfect policy, but it narrows down when someone is using their privs legitimatly or not. Unfortunatly, managers who rely on these logs as a tell all, who do not understand the inner works of exchange, use it to fire folks all of the time. -----Original Message----- From: [EMAIL PROTECTED] at INTERNET Sent: Thursday, July 11, 2002 9:30 AM To: Balen, Steve B - Raleigh, NC; [EMAIL PROTECTED] at INTERNET Subject: Exchange Administration logons Exchange 5.5 sp4 NT 4.0 sp6 I am wondering why the Administrator logs on to most but not all mailboxes, some mailboxes have not been logged into by the Administrator last. I'm looking in Exchange Admin/Connections/Server/Mailbox Resources. You can see the NT account that last logged into the mailbox there. I don't know how reliable that is, therefore my question.... As far as I know your account gets logged even if you simply check someone's calendar. I know there are utils that run on the database each night, could that be one of the reasons the Administrator is the last logon to most accounts? Any information is appreciated. Desiree List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
