False/Fraudulent Exchange Logins?
I've inherited an IT environment which is somewhat sketchy. I was poking around in our Exchange server's (2003) application log and, among other things, found that I had "logged on" to Exchange this morning at 3:40 AM. And no, I did not. Does this necessarily mean that my account is compromised? I do not have any kind of mobile device configured for email. I had also noticed that there were several other users logging on at odd times. Whereas some of them are BlackBerry users, some others are not and denied logging in at those times. I certainly changed my PW immediately. Can anybody shed any light on this overall situation please?
Thanks, Alan
March 25th, 2011 11:47pm

Logging on where? Run the ExBPA to get more information about it. The system will generate the event if you log in or log out from it, so that's normal.
Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah
March 25th, 2011 11:54pm

Here's the login event from the app log on the Exchange Server:
"AXTRON\asak logged on as /o=Axtron /ou=First Administrative Group/cn=Recipients/cn=ITAlerts on database "First Storage Group\Mailbox Store (EXCHANGE)".
Could those early morning/off time logins be Outlook doing an automatic, timed Send&Receive? Is an actual Login required for that?
March 26th, 2011 12:29am

Mailbox access from secondary users produces a lot of false positives; accessing free/busy, calendar sharing, etc. can flag these events. Do you know if you have this shared calendar ITAlerts in your Outlook?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
March 26th, 2011 12:41am

No, it's not shared... I'm noticing that I'm personally logging in at all hours, so I'm hoping it's just the Outlook client doing auto send/receive. However, if on any basis this is fraudulent, I absolutely need to know.
March 26th, 2011 12:48am

On Fri, 25 Mar 2011 21:29:36 +0000, DaDuck wrote:

>Here's the login event from the app log on the Exchange Server:
>
>"AXTRON\asak logged on as /o=Axtron /ou=First Administrative Group/cn=Recipients/cn=ITAlerts on database "First Storage Group\Mailbox Store (EXCHANGE)".
>
>Could those early morning/off time logins be Outlook doing an automatic, timed Send&Receive..

It could be. If you're not using Outlook because you're asleep, then exiting Outlook and shutting down your machine would stop it from happening.

>Is an actual Login required for that?

You mean like you having to provide your user name and password after being challenged? No. It's enough that you logged on to your desktop, started Outlook and connected to your mailbox.

Given the legacyExchangeDN I'd say it's a delegate mailbox in your profile. If that's true, you have Full Mailbox Access on that other mailbox and any time you open the mailbox you'll do so using the credentials you logged on with. Since those are different to the delegate mailbox's there's an event logged.

--- Rich Matheisen MCSE+I, Exchange MVP
March 26th, 2011 3:03am
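
A triage sketch for the kind of event discussed in the reply above, added here as an example and not code from any poster: it parses the "logged on as" message format quoted in the thread and tags logons where the account opened a mailbox other than its own, and logons outside business hours. The timestamps, the `asak` mailbox cn, the `own_mailbox` map, the `work_hours` window and the function names are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Message format as quoted in the thread:
#   DOMAIN\user logged on as <legacyExchangeDN> on database "<store>".
LOGON_RE = re.compile(
    r'^(?P<account>[^\\\s]+\\\S+) logged on as (?P<dn>/o=.+?)'
    r' on database "(?P<db>[^"]+)"')

def parse_logon(message):
    """Return (account, mailbox_cn, database), or None for other messages."""
    m = LOGON_RE.match(message.strip())
    if not m:
        return None
    mailbox_cn = m.group("dn").rsplit("/cn=", 1)[-1].strip()
    return m.group("account"), mailbox_cn, m.group("db")

def triage(events, own_mailbox, work_hours=(7, 19)):
    """Tag logons to a mailbox other than the account's own, and off-hours ones."""
    # own_mailbox: lower-cased account -> own mailbox cn; work_hours: [start, end).
    findings = []
    for ts, message in events:
        parsed = parse_logon(message)
        if parsed is None:
            continue
        account, mailbox, _db = parsed
        hour = datetime.strptime(ts, "%Y-%m-%d %H:%M").hour
        tags = []
        if own_mailbox.get(account.lower(), "").lower() != mailbox.lower():
            tags.append("other-mailbox")
        if not work_hours[0] <= hour < work_hours[1]:
            tags.append("off-hours")
        if tags:
            findings.append((ts, account, mailbox, tags))
    return findings

def sample_msg(account, cn):
    """Build a message in the thread's format (constructed sample data)."""
    return (f"{account} logged on as /o=Axtron /ou=First Administrative Group"
            f'/cn=Recipients/cn={cn} on database '
            '"First Storage Group\\Mailbox Store (EXCHANGE)".')

# Constructed sample: timestamps and the "asak" mailbox cn are assumptions.
SAMPLE = [("2011-03-25 03:40", sample_msg("AXTRON\\asak", "ITAlerts")),
          ("2011-03-25 09:15", sample_msg("AXTRON\\asak", "asak")),
          ("2011-03-25 02:10", sample_msg("AXTRON\\asak", "asak")),
          ("2011-03-25 02:11", "some other application log message")]
OWN = {"axtron\\asak": "asak"}
```

Calling `triage(SAMPLE, OWN)` returns the 03:40 ITAlerts logon tagged both ways and the 02:10 own-mailbox logon tagged off-hours only; the tags sort events for follow-up and do not by themselves say whether a logon was legitimate.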

I'm shutting down my machine this weekend and will check the logs on Monday.......
March 26th, 2011 4:13am

Also, you're not using your account as a service account for any mail-related services, i.e. backups, BlackBerry, etc.?
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
March 27th, 2011 9:00pm

Hi Alan, One more question: does this logon information occur every morning? Also check if there are other applications running with your account. Thanks, Simon
March 28th, 2011 6:18am

This topic is archived. No further replies will be accepted.
