Re: accessing emails using owa ... traceable?

Sorry, just to clarify, I think my terminology might be wrong / confusing.

This other individual is accessing email through owa from home (Using IE)
using my login / password. I am certain that it is behind a firewall /
router and with dsl service. Not sure if this means the ip address is static
or dynamic (not sure if it matters) and if it is at all traceable. I
understand the event logging would monitor access to email onsite/at work
from a client computer ... but how about when accessing from a remote
location using the web (IE) and owa?
....sorry if this sounds confusing, I am not all that familiar with this or
the wording

Thanks again!!



"help!!" wrote:

Thank you so much for your replies.

I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then
(sorry I am not at all a "techie"). If this individual is accessing my email
via owa remotely at home behind a firewall / router then there is no way to
ascertain exactly who is accessing my email ... is this correct? I wont be
able to pinpoint who it is.

Thanks so very much!!


"Joe Kaplan" wrote:

They would only be able to trace back to the point where it was proxied or
NATed. Like I said, it would be very difficult to associate the IP
addresses with anyone in particular with any accuracy.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"help!!" <help@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@xxxxxxxxxxxxxxxx
Would they be able to trace the IP address of the client ... even if the
client is behind a firewall at home?



"Joe Kaplan" wrote:

What difference would the logging make? If another user has your
password,
they are you. Period.

The only way you could differentiate them would be by the IP address of
the
client. This would generally be logged by IIS for OWA. However, if you
don't know the IP address of various clients, it would be difficult to
take
advantage of this. It would also be very hard to prove anything by this.

I wonder, if they are such trusting types, why even ask about such
things.
If you don't trust other people with your password, don't let them have
it.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Bryan Phillips" <bphillips@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23onvBVh%23GHA.4888@xxxxxxxxxxxxxxxxxxxxxxx
The logging occurs regardless of the type of email client: Outlook,
OWA,
or Outlook Mobile. Your Exchange administrator can increase the level
of
auditing to log more details about the activity in your email account.

Bryan Phillips
MCSD, MCDBA, MCSE
Blog: http://bphillips76.spaces.live.com




"help!!" <help!!@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D544588D-B9B9-40CE-85D0-90993196BAB5@xxxxxxxxxxxxx:

Both at work (Entourage is too slow) and when I'm out of the office, I
access
my e-mail via our exchange server using a mac and IE, through
microsoft
outlook web access. There is a password 'system' in place that uses
certain
letters of our names - we are given our passwords and few people
change
them
- we are trusting types.
But it does mean that many of us know each other's passwords. My
question
is
this... in such an 'open' environment, where so many people 'know'
each
other's passwords, are we all able to just surf each other's mailboxes
without detection? I have read here of the 'event 1016' that shows up
on
the
administration logs when someone other than the 'owner' of the account
accesses the account. But does this hold true for web access? Is it
the
case
that my e-mail account, or anyone else's for that matter, is an 'open
book'
when accessed this way or is there a way to detect who is who,
especially
when the user name and password are correct? Sometimes I read that
1016
shows
up only when an unsuccessful attempt is made to access, other times I
read
that it is there every time. Can I, via getting with the
administrator,
prove
that someone, who has my password and is accessing via the web, was
reading
my e-mail?
Thanks in advance.







.

Relevant Pages

  • Re: ActiveDirectoryMembershipProvider & ChangePassword control
    ... a LDAP call is made to create the account in AD. ... If the ActiveDirectoryMembershipProvider does not support this attribute is ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: accessing emails using owa ... traceable?
    ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... auditing to log more details about the activity in your email account. ... But does this hold true for web access? ...
    (microsoft.public.dotnet.security)
  • Re: AD Query based on SID
    ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I saw a post back on 08/16/2006 ("Lookup account based ... SID") with a similar question. ...
    (microsoft.public.windows.server.active_directory)
  • Re: accessing emails using owa ... traceable?
    ... "Joe Kaplan" wrote: ... When the user is behind a firewall router, ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... This other individual is accessing email through owa from home ...
    (microsoft.public.dotnet.security)
  • Re: how to add "Authorization: Basic" for a web service call
    ... How can I add a second proxy for the remoteAuthentication? ... Joe Kaplan ha scritto: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... NetworkCredential remoteCredentials = new NetworkCredential("a", ...
    (microsoft.public.dotnet.security)