One my personal bugbears with Exchange over the last 10 years or so has been the total lack of a useful auditing function. Sure, you can see who accessed a mailbox, but since Outlook 2003 and the extended Free/Data the Windows Server event logs are pretty much useless since you cant tell if someone actually read the mailbox contents maliciously or just invited that user to a meeting and Outlook attempted to read the extended free/busy data from their calendar directly.
Well, Exchange 2007 SP2 introduces a huge leap forward in this respect and Mike Lagase has written a monster of a white paper all about how to perform auditing in an Exchange 2007 environment here…
Posted by Neil Johnson, MCS UK, MCM Exchange 2007
Nice article, it explain for auditing mailbox access in exchange 2007. I read this topic which helps to set the instructions for auditing on exchange server but I have used this exchange server auditing tool from
http://www.lepide.com/lepideauditor/exchange.html that assist to know who grant the permission and who create, delete, change the membership of a group and keep tracks for every changes such as
mailbox changes, Address Book or List changes, policy changes, etc.