Default Domain Controller Policy and Object level Auditing should be configured for accessing Mailbox Property Changes and Mailbox Permission Changes reports. Upon configuration, events related to mailbox permission and property changes will be recorded in the ′Security Log′ in ′Event Viewer′ . Based on these event details, the Permission and Property Change reports are generated.
Log on using an administrative account.
If Windows 2008, open Group Policy Management from Start -> Administrative tools.
If Windows 2003, select Default Domain Controller Security Settings from Start -> Administrative tools.
Navigate to ForestName -> Domains -> DomainName -> Group Policy Objects -> Default Domain Controller Policy and right click to Edit it.
Navigate to Computer Configuration -> Policies-> Windows Settings -> Security Settings -> Local Policies.
Select Audit Policy.
In the right pane, double click the following policies and enable "Success" and "Failure" settings.
Audit directory service access
Audit object access.
Click Ok.
|
On configuring, all the available data from the event logs will be fetched.
|
Open Active Directory Users and Computers from Start -> Administrative Tools.
Select Advanced Features from View menu to view the advanced security settings.
In the left pane, right click on the Domain and select "Properties".
Under the Security tab, click "Advanced" to open the "Advanced Security Settings for Domain" window.
Under the Auditing tab, click "Add" to add the security principal object to which the policy will be applied.
Enter the object name as "Everyone" and click ok. This opens the "Auditing Entry for the domain"
Specify the Apply Onto field as follows
If Windows Server 2008, Select "Descendant User objects"
If Windows Server 2003, Select "User Objects"
Select "Successful" for the following Access
Write All Properties
Delete
Modify Permissions
All Extended Rights
Click ok.
|
On configuring, all the available data from the event logs will be fetched.
|