Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Implementing Exchange Server 2010 Security : Auditing Exchange Server Usage

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
8/9/2011 4:28:57 PM
Auditing lets you track what's happening with Exchange Server. You can use auditing to collect information related to information logons and logoffs, permission use, and much more. Any time an action that you've configured for auditing occurs, this action is written to the system's security log, where it's stored for your review. You can access the security log from Event Viewer.

1. Using Auditing

You enable auditing in the domain through Group Policy. You can think of group policies as sets of rules that help you manage resources. You can apply group policies to domains, organizational units within domains, and individual systems. Policies that apply to individual systems are referred to as local group policies and are stored only on the local system. Other group policies are linked as objects in Active Directory.

You can audit Exchange activity by enabling auditing in a Group Policy object applied to your Exchange servers. This policy object can be a local Group Policy object or an Active Directory Group Policy object. You manage a server's local Group Policy object using the Local Security Policy tool. You manage Active Directory Group Policy using the Group Policy Management Console (GPMC). GPMC is included as a Windows feature with Windows Vista and later versions of the Windows operating system. After you add GPMC as a feature, you can access it on the Administrative Tools menu.

2. Configuring Auditing

You can enable Exchange auditing by completing the following steps:

  1. Start the Group Policy Management Console by clicking Start, All Programs, Administrative Tools, Group Policy Management. You can now navigate through the forest and domains in the organization to view individual Group Policy objects.

  2. To specifically audit users' actions on Exchange Server, you should consider creating an organizational unit (OU) for Exchange servers and then define auditing policy for a Group Policy object applied to the OU. After you've created the OU or if you have an existing OU for Exchange servers, right-click the related policy object, and then select Edit to open the policy object for editing in Group Policy Management Editor.

  3. As shown in Figure 1 you access the Audit Policy node by working your way down through the console tree. Expand Computer Configuration, Policies, Windows Settings, Security Settings, and Local Policies. Then select Audit Policy.

    Figure 1. Use the Audit Policy node in Group Policy Management Editor to enable auditing.

  4. You should now see the following auditing options:

    • Audit Account Logon Events Tracks user account authentication during logon. Account logon events are generated on the authenticating computer when a user is authenticated.

    • Audit Account Management Tracks account management by means of Active Directory Users And Computers. Events are generated any time user, computer, or group accounts are created, modified, or deleted.

    • Audit Directory Service Access Tracks access to Active Directory. Events are generated any time users or computers access the directory.

    • Audit Logon Events Tracks local logon events for a server or workstation.

    • Audit Object Access Tracks system resource usage for mailboxes, information stores, and other types of objects.

    • Audit Policy Change Tracks changes to user rights, auditing, and trust relationships.

    • Audit Privilege Use Tracks the use of user rights and privileges, such as the right to create mailboxes.

    • Audit Process Tracking Tracks system processes and the resources they use.

    • Audit System Events Tracks system startup, shutdown, and restart, as well as actions that affect system security or the security log.

  5. To configure an auditing policy, double-click or right-click its entry, and then select Properties. This opens a Properties dialog box for the policy.

  6. Select the Define These Policy Settings check box, and then select the Success check box, the Failure check box, or both. Success logs successful events, such as successful logon attempts. Failure logs failed events, such as failed logon attempts.

  7. Repeat steps 5 and 6 to enable other auditing policies. The policy changes won't be applied until the next time you start the Exchange server.

Other -----------------
- Configuring Small Business Server 2011 in Hyper-V : Creating a Virtual Machine (part 2) - Machine Settings
- Configuring Small Business Server 2011 in Hyper-V : Creating a Virtual Machine (part 1) - Creating a Basic VM
- Configuring Small Business Server 2011 in Hyper-V : Initial Configuration
- Microsoft Dynamics CRM 2011 : Adding Planning Activities
- Microsoft Dynamics CRM 2011 : Creating a Campaign
- Microsoft Dynamics AX 2009 : The MorphX Tools - Debugger
- Microsoft Dynamics AX 2009 : The MorphX Tools - Best Practices Tool
- Windows Server 2008 Server Core : Working with Terminal Server (part 2)
- Windows Server 2008 Server Core : Working with Terminal Server (part 1)
- Active Directory Domain Services 2008 : Manage Active Directory Domain Services Data - Delete a Group Object
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server