MS Exchange 2007 (Audit Admin Account Control) Admin and System Accounts (Network Steve Forum)

MS Exchange 2007 (Audit Admin Account Control) Admin and System Accounts

Hi All We have an Exchange 2007 Clustered Enviromen , i have a Sys admin accessing user accounts after hours , but by doing this he is using the username and password of a Service account. I need to trace this back and if i can get full times , IP and MAC addresses i will be able to do something about it. This is a major concern as without evedence there cant be anything done to this person. i have tried the following commands and they dont give me to much info : Get-logonstatistics - Identity "U/N" |FT ClientIPAddress, MACaddress, Logontime and so on , but i just need a way of tracing it as soon as possible? Thanks

July 18th, 2012 6:55am

Can be difficult to track down and depending on how the accounts are being accessed. What I would do is change the svc account password, there shouldn't really be a reason why an admin needs this.Sukh

Free Windows Admin Tool Kit Click here and download it now

July 18th, 2012 6:58am

He is Accessing the Mailboxes Via the Blackberry Enterprise Server Username and Password which has access to all Mailboxes in the Information Store, I though he was using something else , He can other log into the BES mailbox through OWA and open mailboxes from there or he can log onto the Bes server and pull info from there. So thats why is i can get a MAC address or IP then i have him.

July 18th, 2012 7:01am

Why no change the password for BES svc account not give it to him?Sukh

Free Windows Admin Tool Kit Click here and download it now

July 18th, 2012 7:09am

I would love to do that , but he needs it to create new BES accounts and review BES logs and so forth , i Spoke to our Group IT Manager and he says we need to follow standards to we all need access to the account.

July 18th, 2012 7:19am

Tell your manager you dont need to have the svc account to perform those tasks. If this is a concern, then you need to change the svc account password. For all the daily tasks and even troubleshooting you dont need the svc account at all. If that was a requirements then I dont think RIM would be selling the product and certainly companies wont be buying it. Sukh

Free Windows Admin Tool Kit Click here and download it now

July 18th, 2012 7:21am

Ok will try and see . how can i enable auditing on the BES mailbox and trace what mailboxes the bes account opens?

July 18th, 2012 7:29am

I don't think that would help much as it will be accessing all mbx enabled for BES. Sukh

Free Windows Admin Tool Kit Click here and download it now

July 18th, 2012 7:38am

This topic is archived. No further replies will be accepted.