Monitoring and auditing users on Windows 2008 and Exchange Server

[Techknowledge]

As a network administrator, running a Windows 2008 server, can I monitor and track user behavior and access, as in what have folders or files or machines/hosts have they accessed? If yes, what is the out of the box utility or program via Windows 2008 is available to check every user who logs in the domain and listed in the AD (active directory) what has he or she did and what time they logged on and where did they go once they logged on and what files/programs and for how long they have used.

Another question is, since I use an exchange server and have created accounts via active directory to connect via outlook to the exchange with their profile. Can I read or view their email accounts/messages individually using the exchange server? If yes, how.

Thank you

 

[SecurityTheatre]

As a network administrator, running a Windows 2008 server, can I monitor and track user behavior and access, as in what have folders or files or machines/hosts have they accessed? If yes, what is the out of the box utility or program via Windows 2008 is available to check every user who logs in the domain and listed in the AD (active directory) what has he or she did and what time they logged on and where did they go once they logged on and what files/programs and for how long they have used.

Well, normal Windows audit logging could handle the bulk of that, but the tools to view the logs are pretty weak. In the security policy MMC snapin (in the administrator tools control panel), you should be able to configure logging on a variety of events such as user login and use of permissions. I'm not certain it will give you insight on what programs they're running, however, but it can certainly log successful exercise of permissions to access protected resources, as well as log-in/out activity.

Another question is, since I use an exchange server and have created accounts via active directory to connect via outlook to the exchange with their profile. Can I read or view their email accounts/messages individually using the exchange server? If yes, how.

If you are a member of the "Domain Admin" or "Exchange Admin" groups in the domain, you will be able to open up anyone's email folder. Additionally, you can do it with a variety of other permissions, or if the user has granted your account permission to view their email.

You can simply add another mailbox to your outlook profile. Depending on the version of Outlook, there's also a "connect to mailbox" (or similar) option on one of the menus, but off the top of my head, I recall it changing location and name in various versions of Outlook....