Intruder? If the user opens a calendar and checks the free/busy information for a DL it can cause that entry as can any variety of other conditions. No one can access any resource in Exchange or AD they don't have access to. Unless you expend the same level of effort auditing and tracking down every access and failed access to network resources across the enterprise it seems to be a bit of overkill.
It's pretty easy to verify permissions exist or do not exist to allow a user access to a given resource. If they don't exist there is no intrusion. If they do exist there may still be no intrusion (I allow Everyone view access to my calendar, if they open it it's not an intrusion, it's utilization of a granted permission. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Albert Duro Posted At: Wednesday, June 06, 2007 10:13 AM Posted To: swynk Conversation: Last Logged on Subject: Re: Last Logged on I would be. Did you check delegations on the 9? How about permissions? Can you impersonate the intruder and try to replicate? Is your password policy such that its formula can easily be guessed? If not, I would scan the intruder's computer for password cracking software. I'd also monitor the intruder very closely, with tracking, exmerge, whatever... ----- Original Message ----- From: "Jean-Paul Natola" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[email protected]> Sent: Wednesday, June 06, 2007 7:45 AM Subject: Last Logged on Hi everyone, I have about 9 mailboxes that were all last logged on by one employee- Googling showed that it may occur if someone did a meeting request, I checked with with one of the users , and they said they did not even get an email from the user, much less a meting request. Should I be concerned? Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Phone:212-941-5300 xt 36 Fax: 212-941-5563 Mailto: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
