Auditing changes with PowerShell and EMC 2010 across different users in Exchange 2010

  • Question

  • Dear all, I hope you can help me with the following: I need to audit the cmdlets and the actions performed through the EMC 2010, since in my organization functions have been delegated to other areas and it is necessary to have this data. I have enabled the following parameter, but I don't know how to review it.

    [PS] C:\Windows\system32>Get-AdminAuditLogConfig


    RunspaceId               : 135a7225-5e86-4206-b7e4-69b3aeaa630b
    AdminAuditLogEnabled     : True
    TestCmdletLoggingEnabled : True
    AdminAuditLogCmdlets     : {*}
    AdminAuditLogParameters  : {*}
    AdminAuditLogAgeLimit    :
    AdminAuditLogMailbox     :
    AdminDisplayName         :
    ExchangeVersion          : 0.10 (14.0.100.0)
    Name                     : Admin Audit Log Settings
    DistinguishedName        : CN=Admin Audit Log Settings,CN=Global Settings,CN=uc,CN=Microsoft Exchange,CN=Services,CN=Co
                               nfiguration,DC=ad,DC=uc,DC=cl
    Identity                 : Admin Audit Log Settings
    Guid                     : 851e3f65-3b46-492c-b79c-c7460676d9e6
    ObjectCategory           : ad.uc.cl/Configuration/Schema/ms-Exch-Admin-Audit-Log-Config
    ObjectClass              : {top, msExchAdminAuditLogConfig}
    WhenChanged              : 19-05-2010 10:22:59
    WhenCreated              : 25-11-2009 19:09:31
    WhenChangedUTC           : 19-05-2010 14:22:59
    WhenCreatedUTC           : 25-11-2009 22:09:31

     

     

     

     

    In addition, I also raised the logging level for the cmdlets and the EMC.

    Identity                                                                                                     EventLev
    --------                                                                                                     --------
    MSExchange ActiveSync\Requests                                                                               Lowest
    MSExchange ActiveSync\Configuration                                                                          Lowest
    MSExchange Antispam\General                                                                                  Lowest
    MSExchange Autodiscover\Core                                                                                 Lowest
    MSExchange Autodiscover\Web                                                                                  Lowest
    MSExchange Autodiscover\Provider                                                                             Lowest
    MSExchange Availability\Availability Service                                                                 Lowest
    MSExchange Availability\Availability Service General                                                         Lowest
    MSExchange Availability\Availability Service Authentication                                                  Lowest
    MSExchange Availability\Availability Service Authorization                                                   Lowest
    MSExchange Common\General                                                                                    Lowest
    MSExchange Common\Configuration                                                                              Lowest
    MSExchange Common\Logging                                                                                    Lowest
    MSExchange Configuration Cmdlet - Management Shell\General                                                   Expert
    MSExchange Configuration Cmdlet - Management Shell\RBAC                                                      Low
    MSExchange Configuration Cmdlet - Remote Management\General                                                  Lowest
    MSExchange Configuration Cmdlet - Remote Management\RBAC                                                     Lowest
    MSExchange Configuration Cmdlet - Control Panel\General                                                      Lowest
    MSExchange Configuration Cmdlet - Control Panel\RBAC                                                         Lowest
    MSExchange Configuration Cmdlet - Management Web Service\General                                             Lowest
    MSExchange Configuration Cmdlet - Management Web Service\RBAC                                                Lowest
    MSExchange Configuration Cmdlet - Management Console\General                                                 Expert

     

     

    Monday, May 24, 2010 14:22

Answers

  • Hello, in case this is useful to anyone.

    What I was missing was configuring the mailbox where the change records will arrive; in this case I configured the administrator's, and all modifications that are made arrive at this destination. Of course, logging has to be enabled in the lines AdminAuditLogEnabled : True / TestCmdletLoggingEnabled : True, in addition to defining the commands or mailboxes that will be audited.


    Regards,

     

    Eduardo

     

     

     [PS] C:\Windows\system32>Get-AdminAuditLogConfig


    RunspaceId               : d300bda0-0d57-4af9-9cad-065df8f5cea9
    AdminAuditLogEnabled     : True
    TestCmdletLoggingEnabled : True
    AdminAuditLogCmdlets     : {*}
    AdminAuditLogParameters  : {*}
    AdminAuditLogAgeLimit    :
    AdminAuditLogMailbox     : administrador@xxx.com
    AdminDisplayName         :
    ExchangeVersion          : 0.10 (14.0.100.0)
    Name                     : Admin Audit Log Settings
    DistinguishedName        : CN=Admin Audit Log Settings,CN=Global Settings,CN=uc,CN=Microsoft Exchange,CN=Services,CN=Co
                               nfiguration,DC=ad,DC=uc,DC=cl
    Identity                 : Admin Audit Log Settings
    Guid                     : 851e3f65-3b46-492c-b79c-c7460676d9e6
    ObjectCategory           : ad.uc.cl/Configuration/Schema/ms-Exch-Admin-Audit-Log-Config
    ObjectClass              : {top, msExchAdminAuditLogConfig}
    WhenChanged              : 24-05-2010 15:36:11
    WhenCreated              : 25-11-2009 19:09:31
    WhenChangedUTC           : 24-05-2010 19:36:11
    WhenCreatedUTC           : 25-11-2009 22:09:31
    OrganizationId           :
    OriginatingServer        : xxxx.cl
    IsValid                  : True

    Friday, June 4, 2010 13:56
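
The configuration step the answer describes, as an added example that is not part of the original posts: it sets the destination mailbox and then checks the stored settings for the gap visible in the question's output (an empty `AdminAuditLogMailbox`). The helper name `Test-AdminAuditLogReady` and the address `audit-log@example.com` are assumptions.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell on
# Exchange 2010 RTM, where AdminAuditLogMailbox exists (see the output above).

# Hypothetical helper: lists what would stop audit records from being reviewable.
function Test-AdminAuditLogReady {
    param([Parameter(Mandatory = $true)] $Config)

    $findings = @()
    if (-not $Config.AdminAuditLogEnabled) {
        $findings += 'AdminAuditLogEnabled is False: no cmdlet run is recorded.'
    }
    # The state shown in the question: logging enabled, but no mailbox set.
    if ([string]::IsNullOrEmpty([string]$Config.AdminAuditLogMailbox)) {
        $findings += 'AdminAuditLogMailbox is empty: records have no destination mailbox.'
    }
    if (@($Config.AdminAuditLogCmdlets).Count -eq 0) {
        $findings += 'AdminAuditLogCmdlets is empty: no cmdlet is in scope.'
    }
    if ($Config.TestCmdletLoggingEnabled) {
        $findings += 'TestCmdletLoggingEnabled is True: Test-* cmdlets are logged too, which adds volume.'
    }
    $findings
}

# Placeholder address (assumption): a mailbox reserved for audit records.
$auditMailbox = 'audit-log@example.com'

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true `
    -AdminAuditLogMailbox $auditMailbox `
    -AdminAuditLogCmdlets '*' `
    -AdminAuditLogParameters '*'

# Re-read the stored configuration and report anything still missing.
$findings = @(Test-AdminAuditLogReady -Config (Get-AdminAuditLogConfig))
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "Audit records will be delivered to $auditMailbox."
}
```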