Auditing
To ensure compliance with archiving regulations, it is important to know whether users are tampering with any defined archive stores. For example, although messages cannot be deleted from a store directly, a user could surreptitiously disable archiving for a period of time, send an offensive message and then enable archiving again. Auditing also allows you, as an Administrator, to ensure that users are not abusing their security privileges, because each search of the archive can also generate an audit event that includes the phrase a user searched for and the messages they viewed.
The auditing feature records every configuration change (including settings, policies, stores and journal mailbox importers) together with user searches and message previews. Auditing options are displayed when the auditing branch is selected in the console tree:
Audit information is recorded in the event log on the server and three levels of audit are available:
Events are also logged if the auditing feature is disabled or enabled, so it is not possible to disable the audit without trace.
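The disable-then-re-enable scenario described above can be checked for once audit events have been exported from the event log. The following is an added example, not part of the product or its documentation: the record fields (`time`, `user`, `action`) and the action strings are assumptions made for illustration, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names and action strings are assumptions
# for illustration, not the product's real event schema.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T09:00:00", "user": "alice", "action": "search"},
    {"time": "2024-03-04T10:15:00", "user": "bob", "action": "archiving_disabled"},
    {"time": "2024-03-04T10:22:00", "user": "bob", "action": "archiving_enabled"},
    {"time": "2024-03-04T11:00:00", "user": "carol", "action": "auditing_disabled"},
]

FEATURES = ("archiving", "auditing")

def find_gaps(events, short=timedelta(minutes=30)):
    """Pair each '<feature>_disabled' event with the next '<feature>_enabled'.

    Returns one finding per disabled window. A finding is flagged when the
    window is short (the disable/send/re-enable pattern) or never closed.
    """
    open_gaps = {}   # feature -> (start time, user who disabled it)
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        feature, _, state = ev["action"].partition("_")
        if feature not in FEATURES or state not in ("disabled", "enabled"):
            continue  # searches, previews and other changes are not gaps
        when = datetime.fromisoformat(ev["time"])
        if state == "disabled":
            # Keep the earliest disable if it is repeated before a re-enable.
            open_gaps.setdefault(feature, (when, ev["user"]))
        elif feature in open_gaps:
            start, user = open_gaps.pop(feature)
            findings.append({"feature": feature, "disabled_by": user,
                             "enabled_by": ev["user"], "start": start,
                             "end": when, "flagged": when - start <= short})
    for feature, (start, user) in open_gaps.items():
        findings.append({"feature": feature, "disabled_by": user,
                         "enabled_by": None, "start": start,
                         "end": None, "flagged": True})
    return findings

if __name__ == "__main__":
    for f in find_gaps(SAMPLE_EVENTS):
        print(f)
```

Each finding gives the window during which messages were not archived (or audit events were not recorded), which can then be compared against mail server logs for messages sent in that interval.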