Mark
I am a system administrator in a Windows 2000/2003/XP environment. I have
reason to believe that someone is accessing my Exchange e-mail account, but
need to find out who and how. The reason I think that they are is because I
send out all my e-mails with 'read notification' enabled, unless I'm sending
staff-wide e-mails, then I turn it off for that particular e-mail
individually. I BCC myself on a lot of important e-mails, and this is why I
got read receipts back to myself, in case you were wondering. My Outlook is
configured to always ask me whether I want to send the read notification
back, as I always say 'No' on my own e-mails. Anyway, I have gotten 2 read
receipts sent to me, which in turn also get delivered to my BlackBerry, both
times they have occurred when I was away from my computer, and I always lock
my computer when I leave it, even if just walking over to someone else's
cubicle in the same area. The first notification was on the weekend when I
wasn't even in the office, and the last one was today when I was in a meeting
and away from my desk for well over an hour. Plus, once I got back to the
desk and looked in my Outlook Deleted items, the read receipt had been moved
into it instead of being in the Inbox where it normally would be! I am
thinking that someone is either accessing my e-mails through Outlook Web
Access, or is viewing them through an Outlook client either directly with my
AD credentials or a Domain Admin account has been compromised somehow. I
COULD hurry up and change the passwords to my account and the Domain Admin
account, but I am not 100% sure that it is not a co-worker or an end user
doing this, and if so I want to trace it and then get them fired. But I need
verifiable proof to do this, and changing passwords will only set off a red
flag if it's a coworker, and I may never find out who it is. What would you
recommend that I do to track activity as much as possible within my domain?
I am currently on a 2000 domain right now. I have been wanting to move to a
2003 domain, but have been buried in other projects and haven't been able to
start moving in that direction. Only myself and 2 other people have VPN
access into the company, however many have OWA access remotely. Also, for
some reason the EventViewer Security log on my Domain Controller doesn't log
anything. How do I re-enable it to start logging events? This would have
been helpful about right now, I'm sure. Any advice of what to enable or look
for would be most appreciated.