Concepts and Planning << >>

Auditing

Auditing refers to the system's ability to detect breaches in security. Because Microsoft Exchange Server is a Windows NT Server application, it uses the auditing capabilities of the operating system. Windows NT Server can track significant events related to the operating system itself, such as logon activities and changes to system files. Administrators do not need to have permission to administer Windows NT Server.

In addition, you can configure Microsoft Exchange Server to audit changes to Microsoft Exchange Server services and directory objects. All events are recorded in the Windows NT Event Log, which identifies the action and the Windows NT user account that performed the action. For example, if a user tries to modify a mailbox, and auditing has been configured, Microsoft Exchange Server records the event in the Event Log, along with information about who performed the action.