B
Premium,MVM
join:2000-10-28
| reply to Steve
Re: MS Exchange admin auditing
said by Steve  :said by B : Auditors are idiots. Auditors have arranged it so the entire US economy has to purchase an unwanted service from them with essentially no recourse for bad performance. No, worse, no metric by which to measure "performance" at all! It's an entirely no-news-is-good-news effort, and they can do what they want (or nothing at all) during the audit. They don't share the name with the IRS folks for nothing. At least with accounting there are some kind of rules, but when they delve into IT...
To the OP, sure you can check on logins as maxkool implied -- I use a standard IMAP client to check several Exchange mail accounts and each login is logged in Windows security logs -- but how, exactly, are the auditors going to be notified when a backup tape gets restored to a temporary server or a disk is swapped out or any number of OTHER ways an IT person can peruse the mail store at his or her leisure without ANY way of being tracked? Without cameras everywhere and cattle prods up their butts, IT people are free to... manage IT. Imagine that. 
The auditors have to understand the scope of what they're asking. Sure, if they want to cordon off a tiny piece of the many possible ways, they are welcome to check the event logs. In fact, that's probably the bone that should be tossed their way. But if they had half a clue they'd realize how incomplete that is. Good luck!
-- B
--
In a realm outside causality and function |
