Re: Audit Help

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 04/16/04 

Date: Fri, 16 Apr 2004 01:39:38 -0400

In news:OBG89T2IEHA.1388@TK2MSFTNGP10.phx.gbl,
Ariel Erlijman <aerlijma@adinet.com.uy> posted their thoughts, then I
offered mine
> Thanks for your tips.
>
> Do you know of any paper that gives a checklist in auditing exchange?
> Regards,
> Arie
>

Since Ex2k & Ex2k3 is AD based, then it's basically auditing AD for logons,
etc. You would also enable Diagnostic logging on the server properties in
the ESM. Look at these two links below:

246904 - XADM- Logging in Exchange 2000 Server:
"For additional information, please see the "Auditing, Protocol Logging, and
Message Tracking" Help topic in Exchange 2000."
http://support.microsoft.com/default.aspx?scid=kb;en-us;246904

260835 - XADM- How to Log Mailbox Access by Computer Name:
http://support.microsoft.com/default.aspx?scid=kb;en-us;260835

And Windows/AD general topics on auditing:

Enable and Apply Windows Security Auditing:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300549&sd=tech

174073 - Auditing User Authentication:
http://support.microsoft.com/default.aspx?scid=kb;en-us;174073

314955 - HOW TO- Audit Active Directory Objects in Windows 2000 [good links
in this one on what to audit]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314955

299475 - Windows 2000 Security Event Descriptions (Part 1 of 2):
http://support.microsoft.com/default.aspx?scid=kb;EN-US;299475

301677 - Windows 2000 Security Event Descriptions (Part 2 of 2):
http://support.microsoft.com/default.aspx?scid=kb;EN-US;301677 

-- 
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. -- 
=================================

Relevant Pages

  • Re: Event Log - Mailbox Access
    ... You can also enable loggin under Diagnostic Logging on the server. ... 246904 - XADM- Logging in Exchange 2000 Server: ... Exchange Security Risk Auditor 2.0 free download by C2C Systems Exchange ... Microsoft Windows MVP - Active Directory ...
    (microsoft.public.exchange2000.admin)
  • Re: IIS Lockdown - access denied securing PF
    ... Well, I'm just guessing, but perhaps Exchange changed them, or perhaps the ... you may have the same problem changing the NTFS auditing ... security properties in Windows Explorer or the REGEDT32 registry editor. ... must change the auditing policy on all domain controllers. ...
    (microsoft.public.inetserver.iis.security)
  • Re: track user logons
    ... including user actions such as logging on and logging off, and the success and failure of key ... Before you enable auditing, it will be important for you to define exactly ... For example, if you decide to audit account logon sessions, you need to consider what the information ... Your security administrators group might be interested in logging failed logon events ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security logging stopped
    ... login successes and failure events was turned on in the RAS server settings. ... enable auditing on your RAS server: ... Note that to enable logging of access to files or registry settings, ... security properties in Windows Explorer or the REGEDT32 registry editor. ...
    (microsoft.public.security)
  • Re: Event ID 538/540/576 fills up Security Log!!
    ... Maybe you don't have auditing for "privilige use" enabled on ... > I wonder why would this happen and if it's really related to backup jobs. ... > Could it be just issues of Exchange Server 2000?? ...
    (microsoft.public.win2000.security)