RE: Exchange Monitoring
ChangeAuditor for Exchange by NetPro can do most of what you want. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 8:20 AM To: MS-Exchange Admin Issues Subject: Exchange Monitoring Hey all, Clients wants to track what domain admins or users with sufficient rights to view mailboxes are actually viewing. Problem is that I can see that x user connected to y mailbox via the event viewer, but I cannot tell them what x user viewed in y mailbox. Is their any 3rd party or tool by MS that will log what is actually being accessed in an exchange mailbox? Contacts, Calendars, Tasks, Inbox, etc.. The issues is that most of the staff allow their calendar to be viewed via delegated rights, so all the event viewer logging is essentially useless for those accounts. Thanks Greg ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
A/V Scanning
Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image002.jpg
RE: A/V Scanning
You need both. You want to catch what you can at the gateway, but whatever slips by the gateway and into the store can be caught when definitions are updated. Otherwise, new viruses could get past the gateway undetected and you would never find them without store scanning. JMHO Bob Fronk [EMAIL PROTECTED] From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.jpg
Re: A/V Scanning
IS scanning will also catch output from an infected client that did not come in through the gateway. - Sent from my BlackBerry Wireless Handheld - Original Message - From: Bob Fronk [EMAIL PROTECTED] To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Fri Nov 07 07:28:00 2008 Subject: RE: A/V Scanning You need both. You want to catch what you can at the gateway, but whatever slips by the gateway and into the store can be caught when definitions are updated. Otherwise, new viruses could get past the gateway undetected and you would never find them without store scanning. JMHO Bob Fronk [EMAIL PROTECTED] From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I’m thinking that while it adds more depth to the protection, it really doesn’t do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange performance
Correct. If DNS is not set up properly to indicate and segregate servers sites; then you could get arbitrary GC/DC servers in use. Definitely non-optimal. I don't see any reason to leave the FSMO role holder out of the list, but you know your environment best. I would specify AT LEAST two. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange -Original Message- From: Travis Krampy [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2008 10:46 PM To: MS-Exchange Admin Issues Subject: Re: Exchange performance so you mean to uncheck the box to automatically discover Servers under the DA tab? How many would you specify...i was thinking 2, leaving the FSMO holder out of the list of servers Travis Michael B. Smith [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Ouch. This can be a huge problem (and not just for Exchange!). In this case, you should configure Exchange to use specific local DC/GC servers. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange -Original Message- From: Travis Krampy [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2008 8:36 PM To: MS-Exchange Admin Issues Subject: Re: Exchange performance I would like to mention that I recently found out that this customer is using BIND for ALL DNS. It appears that BIND isnt not currently setup to support AD, this is the first step we are doing to resolve some if not a lot of issues. I stumbled upon this when i could not run dcdiag on any of the DC's...i then requested to check the DNS servers (thinking they are MS DNS) and found that they are BIND. They are also not using dymanic updates, so all of the servers need to be manually entered. They also dont have any of the workstation updating in BIND either. has anyone run into this before and have any advice? Thanks Travis Michael B. Smith [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Nope. Exchange needs (uses) both DCs and GCs - if available. Exchange will choose a DC (non-GC) for what it calls its configuration DC. This is a DC that Exchange will use to consolidate all updates to the configuration naming context within Active Directory. The configNC is used to store/update information for the Exchange infrastructure (as opposed to recipient information, which is stored in the domainNC). This can also be VERY important if there are significant updates to the link state between all servers in the Exchange infrastructure. That passes through the configNC. Otherwise, Exchange uses a GC for objects which are non-local (not in the same domain where Exchange exists, or objects which Exchange cannot easily determine where they are located) and a DC in the same domain as the Exchange server for objects where it can determine which AD domain they are located in. All of this can be overridden by manually specifying the DCs and GCs that Exchange will use. Now, none of this applies when Exchange is installed on a DC. In that case, Exchange will only use the server on which it is installed. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange -Original Message- From: Steve Szabo [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 10:22 PM To: MS-Exchange Admin Issues Subject: RE: Exchange performance Michael, I was under the impression that Exchange would only utilize DC's that are global catalogs. Removing this status from those DC's that are generating the long latency periods until the problem could be resolved should help the response time for the Exchange server. Or, I'm totally off base on this one and willing to learn a bit more. \\Steve// -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 9:29 AM To: MS-Exchange Admin Issues Subject: RE: Exchange performance That's a wide-open question. If you have your sites and services configured properly for AD, then they are configured properly for Exchange. Now, how does one define properly for Exchange beyond properly for AD? I would say the following: the domain controllers (including Global Catalog servers) that Exchange utilizes within its site must be capable of meeting the performance requirements of Exchange. If that necessitates Exchange and specific DC/GC servers existing in a dedicated site, then so be it. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange -Original Message- From:
RE: A/V Scanning
Both, and use different vendors for each system. I had one slip past the gateway AV but get caught by the Exchange server. From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 [cid:image001.jpg@01C940BD.AFC723B0] _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~inline: image001.jpg
RE: A/V Scanning
Even if you use the same vendor, there's still a chance that the A/V patterns might be updated after arrival at the gateway and before the recipient tries to access the email. My votes is for both, and multiple scan engines on both gateway and information store. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: [EMAIL PROTECTED] Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: 07 November 2008 14:46 To: MS-Exchange Admin Issues Subject: RE: A/V Scanning Both, and use different vendors for each system. I had one slip past the gateway AV but get caught by the Exchange server. From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.jpg
Re: A/V Scanning
The only reason NOT to do both is if you have some very large stores with very large mailbox item counts. VSAPI scanning can start to be a performance problem in those environments. For environments with reasonable quotas - no reason not to scan at every level. On 11/7/08, Randal, Phil [EMAIL PROTECTED] wrote: Even if you use the same vendor, there's still a chance that the A/V patterns might be updated after arrival at the gateway and before the recipient tries to access the email. My votes is for both, and multiple scan engines on both gateway and information store. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: [EMAIL PROTECTED] Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Sent: 07 November 2008 14:46 To: MS-Exchange Admin Issues Subject: RE: A/V Scanning Both, and use different vendors for each system. I had one slip past the gateway AV but get caught by the Exchange server. From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- Sent from my mobile device ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: A/V Scanning
I agree. Also you want to catch anything that a user may bring in, say on a laptop, that send internally. From: Bob Fronk [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:28 AM To: MS-Exchange Admin Issues Subject: RE: A/V Scanning You need both. You want to catch what you can at the gateway, but whatever slips by the gateway and into the store can be caught when definitions are updated. Otherwise, new viruses could get past the gateway undetected and you would never find them without store scanning. JMHO Bob Fronk [EMAIL PROTECTED] From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.jpg
RE: A/V Scanning
Thanks for the pointers, all. Sounds like dual protection is the way to go. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.jpg
Exchange Monitoring
Hey all, Clients wants to track what domain admins or users with sufficient rights to view mailboxes are actually viewing. Problem is that I can see that x user connected to y mailbox via the event viewer, but I cannot tell them what x user viewed in y mailbox. Is their any 3rd party or tool by MS that will log what is actually being accessed in an exchange mailbox? Contacts, Calendars, Tasks, Inbox, etc.. The issues is that most of the staff allow their calendar to be viewed via delegated rights, so all the event viewer logging is essentially useless for those accounts. Thanks Greg ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: A/V Scanning
We actually do 3 - 1 at the gateway, different one on the IS with multiple engines and a 3rd for desktop/server file systems. From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 7:53 AM To: MS-Exchange Admin Issues Subject: RE: A/V Scanning Thanks for the pointers, all. Sounds like dual protection is the way to go. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.jpg
RE: A/V Scanning
We do gateway, server, and client scanning. If you're not checking it, it's probably getting infected. Thanks, Jake Gardner TTC Network Administrator Ext. 246 From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 10:53 AM To: MS-Exchange Admin Issues Subject: RE: A/V Scanning Thanks for the pointers, all. Sounds like dual protection is the way to go. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 9:14 AM To: MS-Exchange Admin Issues Subject: A/V Scanning Need some thoughts on anti-virus scanning. If all email is scanned at the gateway, is it still advisable to have scanning software for the information store? I'm thinking that while it adds more depth to the protection, it really doesn't do much unless it uses different engines than the gateway. Any concensus on this? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ Any smoothly functioning technology will have the appearance of magic.--Clarke ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. *** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.jpg
Re: Exchange Monitoring
We're trying to install intrust, but due to the number of apps on the server, we keep having issues with non-paged pooled memory(sp?). It's the straw that keeps crashing the win2k3/exch2k3 servers.. Exch 2007, on our Win2008 servers, rock solid. On Fri, Nov 7, 2008 at 5:20 AM, [EMAIL PROTECTED] wrote: Hey all, Clients wants to track what domain admins or users with sufficient rights to view mailboxes are actually viewing. Problem is that I can see that x user connected to y mailbox via the event viewer, but I cannot tell them what x user viewed in y mailbox. Is their any 3rd party or tool by MS that will log what is actually being accessed in an exchange mailbox? Contacts, Calendars, Tasks, Inbox, etc.. The issues is that most of the staff allow their calendar to be viewed via delegated rights, so all the event viewer logging is essentially useless for those accounts. Thanks Greg ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange Monitoring
You've eliminated Server 2003 SP2 SNP (TCP chimney) as a cause, right? On 11/7/08, Eric Woodford [EMAIL PROTECTED] wrote: We're trying to install intrust, but due to the number of apps on the server, we keep having issues with non-paged pooled memory(sp?). It's the straw that keeps crashing the win2k3/exch2k3 servers.. Exch 2007, on our Win2008 servers, rock solid. On Fri, Nov 7, 2008 at 5:20 AM, [EMAIL PROTECTED] wrote: Hey all, Clients wants to track what domain admins or users with sufficient rights to view mailboxes are actually viewing. Problem is that I can see that x user connected to y mailbox via the event viewer, but I cannot tell them what x user viewed in y mailbox. Is their any 3rd party or tool by MS that will log what is actually being accessed in an exchange mailbox? Contacts, Calendars, Tasks, Inbox, etc.. The issues is that most of the staff allow their calendar to be viewed via delegated rights, so all the event viewer logging is essentially useless for those accounts. Thanks Greg ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- Sent from my mobile device ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange Monitoring
Thanks Michael, I will see the cost on it and if they want to implement that. Greg From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 8:30 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Monitoring ChangeAuditor for Exchange by NetPro can do most of what you want. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2008 8:20 AM To: MS-Exchange Admin Issues Subject: Exchange Monitoring Hey all, Clients wants to track what domain admins or users with sufficient rights to view mailboxes are actually viewing. Problem is that I can see that x user connected to y mailbox via the event viewer, but I cannot tell them what x user viewed in y mailbox. Is their any 3rd party or tool by MS that will log what is actually being accessed in an exchange mailbox? Contacts, Calendars, Tasks, Inbox, etc.. The issues is that most of the staff allow their calendar to be viewed via delegated rights, so all the event viewer logging is essentially useless for those accounts. Thanks Greg ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange performance
I would like to mention that I recently found out that this customer is using BIND for ALL DNS. It appears that BIND isnt not currently setup to support AD, this is the first step we are doing to resolve some if not a lot of issues. Hey looky#1 hit on the almighty Google for bind for active directory dns http://www.microsoft.com/technet/archive/interopmigration/linux/mvc/cfgbin d.mspx AFAIK, Bind supports everything MS DNS does (and much more) with the exception of interoperable secure update. BUT (and that's a big but), you gotta like dealing with plain text config files, zone templates, and scripting. :) ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~