He's added himself twice and he still works there? I imagine this check can be dome programmatically as well, but its been so long I worked with 5.5 the method escapes me... some ADSI scripting I imagine? (ADSI Scripting for System Administration by Thomas Eck... might as well own it if you're still running 5.5)
Could also look at the Ecora suite of applications which give really useful change control data.... which can be extremely useful when you have people doing things they shouldn't and you need to undo something stupid they might have done > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:bounce- > [EMAIL PROTECTED] On Behalf Of Blunt, James H (Jim) > Posted At: Wednesday, August 04, 2004 5:15 PM > Posted To: swynk > Conversation: Security permissions in Exchange 5.5... > Subject: Security permissions in Exchange 5.5... > > Environment: > OS: Win2k SP4 with all critical patches > Exchange: 5.5 SP4 > > Problem: > I need to monitor when and where a certain person in our company is > granting > himself permissions to the Exchange organization. There are two Domain > Admins with permissions to the system, the Exchange service account, the > backup account and the Help Desk guys with View Only permissions. He > would > have to hack one of the account passwords to add himself back to the > system. > > This is the second time this individual has added himself to the Exchange > Org with service account level privileges, throughout every level of the > org. Where would I go to increase the security logging of the Exchange > system? The only place I can find to increase the levels of Exchange's > logging of permissions, is in the Servers container and below. I could > increase the logging for: > > Servers > MSExchangeDS > Security > Directory Access > MSExchangeIS > Public > Access Control > Private > Access Control > MSExchangeMTA > Security > Directory Access > > However, I want to be able to log being added to the site and > organizational > levels as well. Is there any way to do this? Can you point me to some > reading? > > Thanks, > > Jim Blunt _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
