In my mind, step 0 in this process would be to rename the affected users NT account before even thinking about doing anything else.
> -----Original Message----- > From: Cooke, Brian [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 15, 2002 9:15 AM > To: Exchange Discussions > Subject: RE: Tracking OWA Logons > > Wouldn't IIS Web logons only really show that the account is trying to be > accessed? Is there any way to find out the outside address that is > accessing OWA? He's been unsuccessful in trying to access the user's > account so far. But because of his successive attempts our user is > continually getting locked out on a daily basis. > > -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 15, 2002 10:13 AM > To: Exchange Discussions > Subject: RE: Tracking OWA Logons > > > IIS Weblogs > > -----Original Message----- > From: Cooke, Brian [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 15, 2002 7:02 AM > To: Exchange Discussions > Subject: Tracking OWA Logons > > > > > Hi All, > We are running exchange 5.5 SP1 with Win NT. We are having a problem with > an ex-employee trying to access one of our users account. Well let me > rephrase, we think it's one of out former employees but we have no way of > proving it. Is there any way that we can track from where people are > trying > to access OWA? Is there anything that OWA can do to log this? Or will we > need to pick up a third party software utility to see if we can log the > fact > that he is attempting to gain access. Thanks in advance for all your > help. > > > Thanks, > Brian > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
