Exchange 2007 : Mailbox Auditing
- Published Date
- Hits: 2386
From the Exchange Shell on the Mailbox Database Server(s) run the following command to enable auditing:
Set-EventLogLevel "MSExchangeIS\9000 Private\Logons" -level low
This command will return no feedback to the end-user.
You can check that this setting has been applied using the command:
Get-EventLogLevel
Now monitor the Application event log for Event IDs 1013 and 1016
Enable Auditing in Exchange 2007 SP2
SP2 introduces new features for Mailbox Access auditing; a new event log is created on the Exchange Server and it is possible to audit Folder Access, Message Access, Extended Send As and Extended Send On Behalf.
Enable Folder Access using the command:
Set-EventLogLevel "MSExchangeIS\9000 Private\Folder Access" -level low
You can create exceptions to auditing for specific accounts such as service accounts using the command:
Get-MailboxDatabase –identity ‘SERVER’ | Add-ADPermission –User ‘account’ –ExtendedRights ms-Exch-Store-Bypass-Access-Auditing –InheritanceType All
You can now view auditing events in the Exchange Auditing Event Log.
Recent Articles
- WSUS : Enforce SSL Connectivity
- ConfigMgr 2012 : Client Install Error 26001
- ConfigMgr 2012 : Build and Capture Fails with 0x80070002
- Citrix : Profiling Microsoft Office 2010
- ConfigMgr 2012 : Central Administration Site
- ConfigMgr 2012 : Prevent Configuration Manager Using a Hard Drive
- Vyatta : Slow Network Performance x-Subnet
- ConfigMgr 2012 : Secondary Site Distibution Point PXE Error 53
- NetScaler : Upgrading VPX 9.3 to VPX 10
- NetScaler : Configuring Access Gateway for Storefront 1.1
- NetScaler : Load Balancing Storefront 1.1
- Citrix : Deploying XenApp 6.5
- System Center 2012 : ConfigMgr E1000 PXE Boot Crash / Hang
- Exchange 2010 : How to Deploy a Mailbox Database Availability Group (DAG)
- NetScaler : Using VMACs for High Availability
