Urgently need help with Exchange 2000 / Active Directory security issue

From: Sw (swilliams_at_cromwells.co.uk)
Date: 12/30/04


Date: 30 Dec 2004 05:52:04 -0800

We recently had what appears to be someone logging onto the Exchange
2000 server and setting any mail sent to two domain users to be also
forwarded to an external recipient (Contact) that I had set up
previously. This is the second time this has happened in 6 months, and
meant the user whose Contact address this was, was getting mail
destined for these 2 users - obviously a big security risk. Is there ANY
way of finding out which domain user might have made the changes to the
Active Directory objects for these users? Neither previously had any
forwarding set up in Delivery Options.

There doesn't seem to be anything in Event Viewer for this kind of
change, and I can't see any way at all how Active Directory would
choose to set up forwarding to an external recipient in this way.
Furthermore this is the second time this has occurred and there appear
to be patterns (personnel-wise) linking the two events. I'm almost
completely certain that this is deliberate. I have been tasked with
finding out who has done this as quickly as possible.

I've set auditing in Active Directory but for Exchange options I think
you need to set it within Exchange System Manager - but can't seem to
see where auditing for this option is set.

This is extremely urgent, so any help anyone can give me would be much
appreciated! Please reply to the thread or email me -
swilliams at cromwells.co.uk. Thanks for your assistance.
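
Added example, not part of the original post: the forwarding set under Delivery Options is stored on the user object in the `altRecipient` and `deliverAndRedirect` attributes, so a directory export can be swept for every mailbox that forwards and for where the mail ends up. The sketch below assumes an LDIF export of users and contacts (the kind `ldifde` writes); the sample data, function names and the `internal_domains` parameter are constructed for illustration.

```python
import base64, re

# Constructed sample shaped like an LDIF export; every name is made up.
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=corp,DC=example
altRecipient: CN=Ext Contact,OU=Contacts,DC=corp,DC=example
deliverAndRedirect: TRUE
whenChanged: 20041229101500.0Z

dn: CN=Bob Example,CN=Users,DC=corp,DC=example
whenChanged: 20041101090000.0Z

dn: CN=Ext Contact,OU=Contacts,DC=corp,DC=example
targetAddress: SMTP:someone@outside.example
"""

def parse_ldif(text):
    """Return {lowercased DN: {attribute: [values]}}."""
    text = re.sub(r"\r?\n ", "", text)  # unfold lines continued with a leading space
    entries = {}
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def find_forwarding(entries, internal_domains):
    """List every object whose mail is forwarded, resolving the target address."""
    findings = []
    for attrs in entries.values():
        for target_dn in attrs.get("altrecipient", []):
            target = entries.get(target_dn.lower(), {})
            raw = (target.get("targetaddress") or target.get("mail") or [None])[0]
            addr = raw.split(":", 1)[-1].lower() if raw else None  # drop "SMTP:"
            findings.append({
                "user": attrs["dn"][0],
                "forward_to": addr,
                # None means the target was not in the export: check it by hand
                "external": None if addr is None else addr.rpartition("@")[2] not in internal_domains,
                "keeps_copy": attrs.get("deliverandredirect", ["FALSE"])[0].upper() == "TRUE",
                "when_changed": attrs.get("whenchanged", [""])[0],
            })
    return findings
```

`whenChanged` is the time of the last change of any kind to the object, so it only narrows the window to search in the Security log; it does not name the account that made the change.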


