Audit Trail of Changes done with MFCMAPI

Feb 16, 2011 at 12:43 PM


we have an XCH2010 environment and of course our sysadmins use MFCMAPI to debug on the lowest possible level issues on mailboxes and repair those.

However, this tool provides functionality that might - if used with malicious intent - pose possible data leakage risks, e.g. it allows you to copy mail items from one mailbox to another, where the owner of the mailbox you copy the mail to can even open and read the mai.

Is there any audit trail that keeps track of who did what with this tool? 

Thanks for sharing your experience!


Feb 16, 2011 at 1:26 PM

There's mailbox audit logging:

There's nothing in MFCMAPI for the sort of logging you're asking for. Keep in mind that MFCMAPI can only access data that the user has permission to access. If you don't want your admins to have access to the user's e-mails, don't give them access.

Feb 17, 2011 at 7:49 AM

Yes, and the mailbox audit logging  is turned on at the highest possible level - however, if you use it to copy an email from mailbox to another this is not reflected in the logs.