The only way I know of is to increase the logging for the info store to medium and then look for event 1016 in the application log on the exchange server. This is generated every time an account accesses a mailbox that is not its primary mailbox. No amount of permission granting will stop it from being generated.
You can also look in the Exchange properties for the server mailboxes to see who last logged on to a particular mailbox. You could also look in the person's File, Open in Outlook and see if another mailbox is in the recently accessed list. Either way you will need to access the Exchange server or the user's local Outlook. If wrong doing is suspected, it is appropriate for the CEO to order an audit of operations and see what comes up. I'm not aware of any auditing tools that would not require at least minimal access to the user's logon and workstation or the exchange server. Best Regards, Dan Bartley -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, January 05, 2004 03:32 To: Exchange Discussions Subject: Detect unauthorized access to mailbox by administrator Hi, I am a independent consultant hired to investigate an administrator who the CEO belives he is accessing sensative email from others mailbox. While it is NOT possible to configure anything on the exchange server, is there anything I can do a spot-check or any tools like sniffer, so that I can monitor any possible wrong-doing of the administrator? If you have any insight on this issue, please kindly drop me a line at [EMAIL PROTECTED] Cheers, Rick _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
