Chat now with support
Chat with Support

Change Auditor for Exchange 7.4 - User Guide

Exchange Mailbox Protection templates

To enable protection, you must first create one or more Exchange Mailbox Protection templates which specify whose mailboxes to lock down. Once Exchange Mailbox Protection templates are defined, they will apply to all Exchange servers that host a Change Auditor agent.

NOTE: If you are planning to use multiple Exchange Mailbox Protection templates, see the Change Auditor Technical Insight Guide for information on how multiple protection templates are evaluated.
2
Click Protection.
3
Select Exchange Mailbox in the Protection task list to open the Exchange Mailbox Protection page.
4
Click Add to start the Exchange Protection wizard which steps you through the process of defining the mailboxes to protect.
5
Use the Browse and Search pages to locate and select a directory object (i.e., User, Group, Container, DomainDNS, OrganizationalUnit, or BuiltinDomain) and click Add to add the selected object to the Selected Object list. Repeat this step to add additional directory objects to the template.
Click Add to add the selected user or group to the Account list.
NOTE: The Allow option is selected by default indicating that the selected users or groups are allowed to access the protected objects. However, you can select the Deny option to select individual users or groups that are not allowed to access the protected objects. When using the Deny option, you are allowing all users and groups to access the protected objects except for those selected on this page.
To allow mailbox owners to bypass protection and be able to access their own mailboxes, select the Mailbox owner can bypass protection check box at the top of this page.
7
Click Finish to create the template, close the wizard, and return to the Exchange Mailbox Protection page, where the newly created template is listed.
2
Click Finish.

The disable feature allows you to temporarily stop protecting the specified mailboxes without having to remove the protection template or individual mailbox from an active template.

1
On the Exchange Mailbox Protection page, place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled
The entry in the Status column for the template will change to ‘Disabled’.
2
To re-enable the protection template, use the Enable option in either the Status cell or right-click menu.
1
On the Exchange Mailbox Protection page, place your cursor in the Status cell for the mailbox whose protection is to be disabled, click the arrow control and select Disabled
The entry in the Status column for the selected mailbox will change to ‘Disabled’.
2
To re-enable protection for the mailbox, use the Enable option in either the Status cell or right-click menu.

Exchange Protection wizard

The Exchange Protection wizard displays when you click Add on the Exchange Mailbox Protection page. This wizard steps you through the process of defining the mailbox to protect from unauthorized access.

The following table provides a description of the fields and controls in the Exchange Protection wizard:

Template Name

Enter a descriptive name for the template being created.

Browse page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the directory objects whose mailbox is to be protected from unauthorized access.

Once you have selected a directory object, click Add to add it to the list at the bottom of the page.

Search page

Use the controls at the top of the Search page to search your environment to locate the directory objects whose mailbox is to be protected.

Once you have selected a directory object, click Add to add it to the list at the bottom of the page.

Options page

Use the Options page to modify the search options used to retrieve directory objects.

 

Exchange Mailbox list

The Exchange mailboxes selected for protection are displayed in the list box at the bottom of the page. Use the buttons located above this list box to add and remove mailboxes.

Add - Select a directory object in the Browse or Search page and then click Add.
Remove - Select an entry in the Exchange Mailbox list and then click Remove.
Enterprise - Click Enterprise to protect all mailboxes in the Enterprise from unauthorized access.

Use this page to optionally select user or group accounts that are allowed (not allowed) to access the selected protected mailboxes.

Allow

The Allow option is selected by default indicating that the users and group selected on this page will be the only accounts allowed to access the protected objects.

Use the Browse or Search page to select the user or group accounts.

Deny

Select the Deny option to allow all users and groups to access the protected objects except for those selected on this page.

Use the Browse or Search page to select the user or group accounts.

Mailbox owner can bypass protection

Select this check box to allow mailbox owners to bypass protection and access their own mailboxes even though they are not explicitly added to the Override Account list.

Browse page

Displays a hierarchical view of the containers in your environment allowing you to locate and select the users or groups that will be allowed (not allowed) to access the protected mailboxes.

Once you have selected an account, click Add to add it to the list at the bottom of the page.

Search page

Use the controls at the top of the Search page to search your environment to locate the users or groups that will be allowed (not allowed) to access the protected mailboxes.

Once you have selected an account, click Add to add it to the list at the bottom of the page.

Options page

Use the Options page to modify the search options used to retrieve directory objects.

Override Account list

The list box at the bottom of this page contains the user and group accounts selected above. Use the buttons located above this list box to add and remove accounts.

Add - Select an account in the Browse or Search page and then click Add.
Remove - Select an entry in the Override Account list and then click Remove.

Managing Shared Mailboxes

Change Auditor for Exchange generates shared mailbox events for shared mailbox, room and equipment resources, and for any other mailboxes identified as shared. Shared mailbox events are generated only when both of the following conditions exist:

If the mailbox is not a shared mailbox, room or equipment resource in an Exchange mailbox store and it has not been manually marked as a shared mailbox by the user, then normal mailbox owner or non-owner events will be generated for the affected mailboxes.

Many of the shared mailbox events are disabled by default. In order to generate these events, they must first be enabled using the Audit Events page on the Administration Tasks tab.

Use the Exchange Mailbox Auditing page on the Administration Tasks tab to ensure shared mailboxes are set up correctly for auditing. From this page, you can:

Automatic shared mailbox detection locates shared mail, equipment and room mailboxes in the network.

2
Click Auditing.
3
Select Exchange Mailboxes under the Applications heading in the Auditing task list.
The Filter Shared Mailboxes Based on Exchange Auditing Scope check box is selected by default and only shared mailboxes that are selected for auditing are displayed. To display all shared mailboxes detected in the network, clear this check box.
6
Click Close to return to the Exchange Mailbox Auditing page.
NOTE: If you have not yet added the shared mailboxes to the Exchange Mailbox Auditing list, click Add on the Exchange Mailbox Auditing page to locate and add the mailboxes to audit.

Any mailbox can be marked as a shared mailbox by manually adding it to the shared mailbox list.

2
Click Auditing.
3
Select Exchange Mailboxes under the Applications heading in the Auditing task list.
5
Open the User Defined page on the Shared Mailboxes dialog.
6
Click Add.
8
Click Finish to return to the Shared Mailboxes dialog, where your selections will now be listed on the User Defined page of this dialog.
9
The default scope of coverage is displayed in the Scope cell. You can change this by placing your cursor in the Scope cell, clicking the arrow control and selecting the appropriate option from the list:
10
The Status field on this page indicates the type of events that are to be generated for the mailbox:
To change this setting, place your cursor in the Status cell, click the arrow control and select the appropriate option from the list.
11
Click Close to save your selections, close the dialog, and return to the Exchange Mailbox Auditing page.
NOTE: If you have not yet added the ‘marked’ mailboxes to the Exchange Mailbox Auditing list, click Add on the Exchange Mailbox Auditing page to locate and add the mailboxes to audit.

Shared Mailbox events

The Exchange Mailbox Monitoring events that can be generated for shared mailboxes include:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating