Netwrix Auditor allows tracking non-owner mailbox access in your Exchange organization.
It is recommended to select Adjust audit settings automatically option when setting up Exchange monitoring in Netwrix Auditor. See Settings for Data Collection for more information.
However, in some scenarios users may need to apply required audit settings manually. For that, review the following procedures:
- To configure mailbox access tracking for Exchange 2019, 2016 and 2013 manually
- To configure mailbox access tracking for Exchange 2010 manually
NOTE: Perform the procedures below only if you do not want to enable the automatic audit configuration option when setting up monitoring in Netwrix Auditor.
You can configure auditing for:
- All mailboxes (User, Shared, Linked, Equipment, and Room mailbox)
- Selected mailboxes
NOTE: If you are going to audit multiple Exchange servers, repeat these steps for each audited Exchange server.
NOTE: If you are going to audit multiple individual mailboxes, repeat these steps for each mailbox on each Exchange server.
NOTE: Perform the procedure below only if you do not want to enable network traffic compression option when setting up Exchange monitoring in Netwrix Auditor.
- On the computer where the monitored Exchange server is installed, navigate to Start → Programs → Exchange Management Shell.
Execute the following command:
Set-EventLogLevel "MSExchangeIS\9000 Private\Logons" –Level Low
- Navigate to Start → Run and type "services.msc". In the Services snap-in, locate the Microsoft Exchange Information Store service and restart it.