Sys Admin Lockdown – Exchange

Mail provides everyone with a personal database of information.
This information is private and should never be shared.

Access by Administrators and other elevated or restricted accounts in Exchange is a concern and should be audited at all costs.

Log in to your Exchange 07 system and launch PowerShell.
Set-EventLogLevel "MSExchangeIS\9000 Private\Logons" -Level Low
Create a new custom event log and call it "Exchange Audit".
Set up a custom view: Application Log – Event ID 1016.
Set up Log Parser or a similar utility to copy these logs to another secure location in case the logs are cleared off the system. In addition, setting up triggers, net sends or e-mails based on events can add more monitoring security.
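
The script below is an added example, not the author's own code, showing one way to do the last two steps in PowerShell instead of Log Parser: it copies new Event ID 1016 entries from the Application log to a second location and e-mails an alert. It assumes PowerShell 2.0 or later; the share, checkpoint file, SMTP server and addresses are hypothetical placeholders.

```powershell
# Added example, not the author's script. Assumes PowerShell 2.0+ (Send-MailMessage).
# Every path, host name and address below is a hypothetical placeholder.
$ErrorActionPreference = 'Stop'   # a failed archive write must not advance the checkpoint
$archiveDir = '\\logserver.example.local\ExchangeAudit$'
$stateFile  = 'C:\ExchangeAudit\checkpoint.txt'
$smtpServer = 'smtp.example.local'
$mailFrom   = 'exchange-audit@example.local'
$mailTo     = 'security@example.local'

# Window start: the saved checkpoint (stored as ticks), or 24 hours ago on the first run.
$since = (Get-Date).AddDays(-1)
if (Test-Path $stateFile) {
    $since = New-Object DateTime -ArgumentList ([long](Get-Content $stateFile))
}

# Window end: a whole second, 5 seconds back, so every event stamped inside
# the window (timestamps have one-second resolution) has already been written.
$now   = Get-Date
$until = $now.AddTicks(-($now.Ticks % 10000000)).AddSeconds(-5)

# Event ID 1016 in the Application log, the same filter as the custom view above.
$events = @(Get-EventLog -LogName Application | Where-Object {
    $_.EventID -eq 1016 -and $_.TimeGenerated -ge $since -and $_.TimeGenerated -lt $until
})

if ($events.Count -gt 0) {
    $rows = $events | Select-Object TimeGenerated, MachineName, EventID, Source, Message
    # Copy off the server first, so the record survives if the local log is cleared.
    $file = Join-Path $archiveDir ('logons-1016-{0:yyyyMMdd-HHmmss}.csv' -f $until)
    $rows | Export-Csv -Path $file -NoTypeInformation
    # Then alert by e-mail with the event details in the body.
    $subject = '{0} Event ID 1016 entries on {1}' -f $events.Count, $env:COMPUTERNAME
    $body    = $rows | Format-List | Out-String
    Send-MailMessage -SmtpServer $smtpServer -From $mailFrom -To $mailTo -Subject $subject -Body $body
}

# Advance the checkpoint only after archiving and alerting succeeded.
Set-Content -Path $stateFile -Value $until.Ticks
```

Run it from a scheduled task under an account that can add files to the share but cannot modify or delete them, so the administrators being audited cannot edit the archived copy.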


About noneil
Rapper turned Rockstar!
