"help!!" <hel***@discussions.microsoft.com> wrote in message
news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:

> Both at work (Entourage is too slow) and when I'm out of the office, I access
> my e-mail via our exchange server using a mac and IE, through microsoft
> outlook web access. There is a password 'system' in place that uses certain
> letters of our names - we are given our passwords and few people change them
> - we are trusting types.
> But it does mean that many of us know each other's passwords. My question is
> this... in such an 'open' environment, where so many people 'know' each
> other's passwords, are we all able to just surf each other's mailboxes
> without detection? I have read here of the 'event 1016' that shows up on the
> administration logs when someone other than the 'owner' of the account
> accesses the account. But does this hold true for web access? Is it the case
> that my e-mail account, or anyone else's for that matter, is an 'open book'
> when accessed this way or is there a way to detect who is who, especially
> when the user name and password are correct? Sometimes I read that 1016 shows
> up only when an unsuccessful attempt is made to access, other times I read
> that it is there every time. Can I, via getting with the administrator, prove
> that someone, who has my password and is accessing via the web, was reading
> my e-mail?
> Thanks in advance.

"Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in
message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
> The logging occurs regardless of the type of email client: Outlook, OWA,
> or Outlook Mobile.  Your Exchange administrator can increase the level of
> auditing to log more details about the activity in your email account.
>
> Bryan Phillips
> MCSD, MCDBA, MCSE
> Blog:  http://bphillips76.spaces.live.com
>
>
>
>
> "help!!" <hel***@discussions.microsoft.com> wrote in message
> news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
>
>> Both at work (Entourage is too slow) and when I'm out of the office, I
>> access
>> my e-mail via our exchange server using a mac and IE, through microsoft
>> outlook web access. There is a password 'system' in place that uses
>> certain
>> letters of our names - we are given our passwords and few people change
>> them
>> - we are trusting types.
>> But it does mean that many of us know each other's passwords. My question
>> is
>> this... in such an 'open' environment, where so many people 'know' each
>> other's passwords, are we all able to just surf each other's mailboxes
>> without detection? I have read here of the 'event 1016' that shows up on
>> the
>> administration logs when someone other than the 'owner' of the account
>> accesses the account. But does this hold true for web access? Is it the
>> case
>> that my e-mail account, or anyone else's for that matter, is an 'open
>> book'
>> when accessed this way or is there a way to detect who is who, especially
>> when the user name and password are correct? Sometimes I read that 1016
>> shows
>> up only when an unsuccessful attempt is made to access, other times I
>> read
>> that it is there every time. Can I, via getting with the administrator,
>> prove
>> that someone, who has my password and is accessing via the web, was
>> reading
>> my e-mail?
>> Thanks in advance.
>

"Joe Kaplan" wrote:

> What difference would the logging make?  If another user has your password,
> they are you.  Period.
>
> The only way you could differentiate them would be by the IP address of the
> client.  This would generally be logged  by IIS for OWA.  However, if you
> don't know the IP address of various clients, it would be difficult to take
> advantage of this.  It would also be very hard to prove anything by this.
>
> I wonder, if they are such trusting types, why even ask about such things.
> If you don't trust other people with your password, don't let them have it.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> --
> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in
> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
> > The logging occurs regardless of the type of email client: Outlook, OWA,
> > or Outlook Mobile.  Your Exchange administrator can increase the level of
> > auditing to log more details about the activity in your email account.
> >
> > Bryan Phillips
> > MCSD, MCDBA, MCSE
> > Blog:  http://bphillips76.spaces.live.com
> >
> >
> >
> >
> > "help!!" <hel***@discussions.microsoft.com> wrote in message
> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
> >
> >> Both at work (Entourage is too slow) and when I'm out of the office, I
> >> access
> >> my e-mail via our exchange server using a mac and IE, through microsoft
> >> outlook web access. There is a password 'system' in place that uses
> >> certain
> >> letters of our names - we are given our passwords and few people change
> >> them
> >> - we are trusting types.
> >> But it does mean that many of us know each other's passwords. My question
> >> is
> >> this... in such an 'open' environment, where so many people 'know' each
> >> other's passwords, are we all able to just surf each other's mailboxes
> >> without detection? I have read here of the 'event 1016' that shows up on
> >> the
> >> administration logs when someone other than the 'owner' of the account
> >> accesses the account. But does this hold true for web access? Is it the
> >> case
> >> that my e-mail account, or anyone else's for that matter, is an 'open
> >> book'
> >> when accessed this way or is there a way to detect who is who, especially
> >> when the user name and password are correct? Sometimes I read that 1016
> >> shows
> >> up only when an unsuccessful attempt is made to access, other times I
> >> read
> >> that it is there every time. Can I, via getting with the administrator,
> >> prove
> >> that someone, who has my password and is accessing via the web, was
> >> reading
> >> my e-mail?
> >> Thanks in advance.
> >
>
>
>

"help!!" <h***@discussions.microsoft.com> wrote in message
news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com...
> Would they be able to trace the IP address of the client ... even if the
> client is behind a firewall at home?
>
>
>
> "Joe Kaplan" wrote:
>
>> What difference would the logging make?  If another user has your
>> password,
>> they are you.  Period.
>>
>> The only way you could differentiate them would be by the IP address of
>> the
>> client.  This would generally be logged  by IIS for OWA.  However, if you
>> don't know the IP address of various clients, it would be difficult to
>> take
>> advantage of this.  It would also be very hard to prove anything by this.
>>
>> I wonder, if they are such trusting types, why even ask about such
>> things.
>> If you don't trust other people with your password, don't let them have
>> it.
>>
>> Joe K.
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services
>> Programming"
>> http://www.directoryprogramming.net
>> --
>> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in
>> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
>> > The logging occurs regardless of the type of email client: Outlook,
>> > OWA,
>> > or Outlook Mobile.  Your Exchange administrator can increase the level
>> > of
>> > auditing to log more details about the activity in your email account.
>> >
>> > Bryan Phillips
>> > MCSD, MCDBA, MCSE
>> > Blog:  http://bphillips76.spaces.live.com
>> >
>> >
>> >
>> >
>> > "help!!" <hel***@discussions.microsoft.com> wrote in message
>> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
>> >
>> >> Both at work (Entourage is too slow) and when I'm out of the office, I
>> >> access
>> >> my e-mail via our exchange server using a mac and IE, through
>> >> microsoft
>> >> outlook web access. There is a password 'system' in place that uses
>> >> certain
>> >> letters of our names - we are given our passwords and few people
>> >> change
>> >> them
>> >> - we are trusting types.
>> >> But it does mean that many of us know each other's passwords. My
>> >> question
>> >> is
>> >> this... in such an 'open' environment, where so many people 'know'
>> >> each
>> >> other's passwords, are we all able to just surf each other's mailboxes
>> >> without detection? I have read here of the 'event 1016' that shows up
>> >> on
>> >> the
>> >> administration logs when someone other than the 'owner' of the account
>> >> accesses the account. But does this hold true for web access? Is it
>> >> the
>> >> case
>> >> that my e-mail account, or anyone else's for that matter, is an 'open
>> >> book'
>> >> when accessed this way or is there a way to detect who is who,
>> >> especially
>> >> when the user name and password are correct? Sometimes I read that
>> >> 1016
>> >> shows
>> >> up only when an unsuccessful attempt is made to access, other times I
>> >> read
>> >> that it is there every time. Can I, via getting with the
>> >> administrator,
>> >> prove
>> >> that someone, who has my password and is accessing via the web, was
>> >> reading
>> >> my e-mail?
>> >> Thanks in advance.
>> >
>>
>>
>>

"Joe Kaplan" wrote:

> They would only be able to trace back to the point where it was proxied or
> NATed.  Like I said, it would be very difficult to associate the IP
> addresses with anyone in particular with any accuracy.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> --
> "help!!" <h***@discussions.microsoft.com> wrote in message
> news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com...
> > Would they be able to trace the IP address of the client ... even if the
> > client is behind a firewall at home?
> >
> >
> >
> > "Joe Kaplan" wrote:
> >
> >> What difference would the logging make?  If another user has your
> >> password,
> >> they are you.  Period.
> >>
> >> The only way you could differentiate them would be by the IP address of
> >> the
> >> client.  This would generally be logged  by IIS for OWA.  However, if you
> >> don't know the IP address of various clients, it would be difficult to
> >> take
> >> advantage of this.  It would also be very hard to prove anything by this.
> >>
> >> I wonder, if they are such trusting types, why even ask about such
> >> things.
> >> If you don't trust other people with your password, don't let them have
> >> it.
> >>
> >> Joe K.
> >>
> >> --
> >> Joe Kaplan-MS MVP Directory Services Programming
> >> Co-author of "The .NET Developer's Guide to Directory Services
> >> Programming"
> >> http://www.directoryprogramming.net
> >> --
> >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in
> >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
> >> > The logging occurs regardless of the type of email client: Outlook,
> >> > OWA,
> >> > or Outlook Mobile.  Your Exchange administrator can increase the level
> >> > of
> >> > auditing to log more details about the activity in your email account.
> >> >
> >> > Bryan Phillips
> >> > MCSD, MCDBA, MCSE
> >> > Blog:  http://bphillips76.spaces.live.com
> >> >
> >> >
> >> >
> >> >
> >> > "help!!" <hel***@discussions.microsoft.com> wrote in message
> >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
> >> >
> >> >> Both at work (Entourage is too slow) and when I'm out of the office, I
> >> >> access
> >> >> my e-mail via our exchange server using a mac and IE, through
> >> >> microsoft
> >> >> outlook web access. There is a password 'system' in place that uses
> >> >> certain
> >> >> letters of our names - we are given our passwords and few people
> >> >> change
> >> >> them
> >> >> - we are trusting types.
> >> >> But it does mean that many of us know each other's passwords. My
> >> >> question
> >> >> is
> >> >> this... in such an 'open' environment, where so many people 'know'
> >> >> each
> >> >> other's passwords, are we all able to just surf each other's mailboxes
> >> >> without detection? I have read here of the 'event 1016' that shows up
> >> >> on
> >> >> the
> >> >> administration logs when someone other than the 'owner' of the account
> >> >> accesses the account. But does this hold true for web access? Is it
> >> >> the
> >> >> case
> >> >> that my e-mail account, or anyone else's for that matter, is an 'open
> >> >> book'
> >> >> when accessed this way or is there a way to detect who is who,
> >> >> especially
> >> >> when the user name and password are correct? Sometimes I read that
> >> >> 1016
> >> >> shows
> >> >> up only when an unsuccessful attempt is made to access, other times I
> >> >> read
> >> >> that it is there every time. Can I, via getting with the
> >> >> administrator,
> >> >> prove
> >> >> that someone, who has my password and is accessing via the web, was
> >> >> reading
> >> >> my e-mail?
> >> >> Thanks in advance.
> >> >
> >>
> >>
> >>
>
>
>

"help!!" wrote:

> Thank you so much for your replies.
>
> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then
> (sorry I am not at all a "techie").  If this individual is accessing my email
> via owa remotely at home behind a firewall / router then there is no way to
> ascertain exactly who is accessing my email ... is this correct?  I wont be
> able to pinpoint who it is. 
>
> Thanks so very much!!
>
>
> "Joe Kaplan" wrote:
>
> > They would only be able to trace back to the point where it was proxied or
> > NATed.  Like I said, it would be very difficult to associate the IP
> > addresses with anyone in particular with any accuracy.
> >
> > Joe K.
> >
> > --
> > Joe Kaplan-MS MVP Directory Services Programming
> > Co-author of "The .NET Developer's Guide to Directory Services Programming"
> > http://www.directoryprogramming.net
> > --
> > "help!!" <h***@discussions.microsoft.com> wrote in message
> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com...
> > > Would they be able to trace the IP address of the client ... even if the
> > > client is behind a firewall at home?
> > >
> > >
> > >
> > > "Joe Kaplan" wrote:
> > >
> > >> What difference would the logging make?  If another user has your
> > >> password,
> > >> they are you.  Period.
> > >>
> > >> The only way you could differentiate them would be by the IP address of
> > >> the
> > >> client.  This would generally be logged  by IIS for OWA.  However, if you
> > >> don't know the IP address of various clients, it would be difficult to
> > >> take
> > >> advantage of this.  It would also be very hard to prove anything by this.
> > >>
> > >> I wonder, if they are such trusting types, why even ask about such
> > >> things.
> > >> If you don't trust other people with your password, don't let them have
> > >> it.
> > >>
> > >> Joe K.
> > >>
> > >> --
> > >> Joe Kaplan-MS MVP Directory Services Programming
> > >> Co-author of "The .NET Developer's Guide to Directory Services
> > >> Programming"
> > >> http://www.directoryprogramming.net
> > >> --
> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in
> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
> > >> > The logging occurs regardless of the type of email client: Outlook,
> > >> > OWA,
> > >> > or Outlook Mobile.  Your Exchange administrator can increase the level
> > >> > of
> > >> > auditing to log more details about the activity in your email account.
> > >> >
> > >> > Bryan Phillips
> > >> > MCSD, MCDBA, MCSE
> > >> > Blog:  http://bphillips76.spaces.live.com
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > "help!!" <hel***@discussions.microsoft.com> wrote in message
> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
> > >> >
> > >> >> Both at work (Entourage is too slow) and when I'm out of the office, I
> > >> >> access
> > >> >> my e-mail via our exchange server using a mac and IE, through
> > >> >> microsoft
> > >> >> outlook web access. There is a password 'system' in place that uses
> > >> >> certain
> > >> >> letters of our names - we are given our passwords and few people
> > >> >> change
> > >> >> them
> > >> >> - we are trusting types.
> > >> >> But it does mean that many of us know each other's passwords. My
> > >> >> question
> > >> >> is
> > >> >> this... in such an 'open' environment, where so many people 'know'
> > >> >> each
> > >> >> other's passwords, are we all able to just surf each other's mailboxes
> > >> >> without detection? I have read here of the 'event 1016' that shows up
> > >> >> on
> > >> >> the
> > >> >> administration logs when someone other than the 'owner' of the account
> > >> >> accesses the account. But does this hold true for web access? Is it
> > >> >> the
> > >> >> case
> > >> >> that my e-mail account, or anyone else's for that matter, is an 'open
> > >> >> book'
> > >> >> when accessed this way or is there a way to detect who is who,
> > >> >> especially
> > >> >> when the user name and password are correct? Sometimes I read that
> > >> >> 1016
> > >> >> shows
> > >> >> up only when an unsuccessful attempt is made to access, other times I
> > >> >> read
> > >> >> that it is there every time. Can I, via getting with the
> > >> >> administrator,
> > >> >> prove
> > >> >> that someone, who has my password and is accessing via the web, was
> > >> >> reading
> > >> >> my e-mail?
> > >> >> Thanks in advance.
> > >> >
> > >>
> > >>
> > >>
> >
> >
> >

"help!!" <h***@discussions.microsoft.com> wrote in message
news:9044D518-27EE-4419-A8C1-61ECCECF9C91@microsoft.com...
> Sorry, just to clarify, I think my terminology might be wrong / confusing.
>
> This other individual is accessing email through owa from home (Using IE)
> using my login / password.  I am certain that it is behind a firewall /
> router and with dsl service.  Not sure if this means the ip address is
> static
> or dynamic (not sure if it matters) and if it is at all traceable.  I
> understand the event logging would monitor access to email onsite/at work
> from a client computer ... but how about when accessing from a remote
> location using the web (IE) and owa?
> ...sorry if this sounds confusing, I am not all that familiar with this or
> the wording
>
> Thanks again!!
>
>
>
> "help!!" wrote:
>
>> Thank you so much for your replies.
>>
>> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then
>> (sorry I am not at all a "techie").  If this individual is accessing my
>> email
>> via owa remotely at home behind a firewall / router then there is no way
>> to
>> ascertain exactly who is accessing my email ... is this correct?  I wont
>> be
>> able to pinpoint who it is.
>>
>> Thanks so very much!!
>>
>>
>> "Joe Kaplan" wrote:
>>
>> > They would only be able to trace back to the point where it was proxied
>> > or
>> > NATed.  Like I said, it would be very difficult to associate the IP
>> > addresses with anyone in particular with any accuracy.
>> >
>> > Joe K.
>> >
>> > --
>> > Joe Kaplan-MS MVP Directory Services Programming
>> > Co-author of "The .NET Developer's Guide to Directory Services
>> > Programming"
>> > http://www.directoryprogramming.net
>> > --
>> > "help!!" <h***@discussions.microsoft.com> wrote in message
>> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com...
>> > > Would they be able to trace the IP address of the client ... even if
>> > > the
>> > > client is behind a firewall at home?
>> > >
>> > >
>> > >
>> > > "Joe Kaplan" wrote:
>> > >
>> > >> What difference would the logging make?  If another user has your
>> > >> password,
>> > >> they are you.  Period.
>> > >>
>> > >> The only way you could differentiate them would be by the IP address
>> > >> of
>> > >> the
>> > >> client.  This would generally be logged  by IIS for OWA.  However,
>> > >> if you
>> > >> don't know the IP address of various clients, it would be difficult
>> > >> to
>> > >> take
>> > >> advantage of this.  It would also be very hard to prove anything by
>> > >> this.
>> > >>
>> > >> I wonder, if they are such trusting types, why even ask about such
>> > >> things.
>> > >> If you don't trust other people with your password, don't let them
>> > >> have
>> > >> it.
>> > >>
>> > >> Joe K.
>> > >>
>> > >> --
>> > >> Joe Kaplan-MS MVP Directory Services Programming
>> > >> Co-author of "The .NET Developer's Guide to Directory Services
>> > >> Programming"
>> > >> http://www.directoryprogramming.net
>> > >> --
>> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote
>> > >> in
>> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
>> > >> > The logging occurs regardless of the type of email client:
>> > >> > Outlook,
>> > >> > OWA,
>> > >> > or Outlook Mobile.  Your Exchange administrator can increase the
>> > >> > level
>> > >> > of
>> > >> > auditing to log more details about the activity in your email
>> > >> > account.
>> > >> >
>> > >> > Bryan Phillips
>> > >> > MCSD, MCDBA, MCSE
>> > >> > Blog:  http://bphillips76.spaces.live.com
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> > "help!!" <hel***@discussions.microsoft.com> wrote in message
>> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
>> > >> >
>> > >> >> Both at work (Entourage is too slow) and when I'm out of the
>> > >> >> office, I
>> > >> >> access
>> > >> >> my e-mail via our exchange server using a mac and IE, through
>> > >> >> microsoft
>> > >> >> outlook web access. There is a password 'system' in place that
>> > >> >> uses
>> > >> >> certain
>> > >> >> letters of our names - we are given our passwords and few people
>> > >> >> change
>> > >> >> them
>> > >> >> - we are trusting types.
>> > >> >> But it does mean that many of us know each other's passwords. My
>> > >> >> question
>> > >> >> is
>> > >> >> this... in such an 'open' environment, where so many people
>> > >> >> 'know'
>> > >> >> each
>> > >> >> other's passwords, are we all able to just surf each other's
>> > >> >> mailboxes
>> > >> >> without detection? I have read here of the 'event 1016' that
>> > >> >> shows up
>> > >> >> on
>> > >> >> the
>> > >> >> administration logs when someone other than the 'owner' of the
>> > >> >> account
>> > >> >> accesses the account. But does this hold true for web access? Is
>> > >> >> it
>> > >> >> the
>> > >> >> case
>> > >> >> that my e-mail account, or anyone else's for that matter, is an
>> > >> >> 'open
>> > >> >> book'
>> > >> >> when accessed this way or is there a way to detect who is who,
>> > >> >> especially
>> > >> >> when the user name and password are correct? Sometimes I read
>> > >> >> that
>> > >> >> 1016
>> > >> >> shows
>> > >> >> up only when an unsuccessful attempt is made to access, other
>> > >> >> times I
>> > >> >> read
>> > >> >> that it is there every time. Can I, via getting with the
>> > >> >> administrator,
>> > >> >> prove
>> > >> >> that someone, who has my password and is accessing via the web,
>> > >> >> was
>> > >> >> reading
>> > >> >> my e-mail?
>> > >> >> Thanks in advance.
>> > >> >
>> > >>
>> > >>
>> > >>
>> >
>> >
>> >

"Joe Kaplan" wrote:

> So, when the user connects via their ISP, they will get an IP address that
> way.  It might be static or dynamic via DHCP or PPPoE.  In any case, only
> the ISP would be able to tell you which of its customers had that IP address
> at that time.  When the user is behind a firewall router, then the traffic
> goes through network address translation (NAT) where they will have a
> private address behind the firewall (possibly many, depending on the
> complexity of the private network).
>
> Also, some ISPs use caching proxy servers which make all outbound web
> traffic appear to be from the same IP address (or set of IP addresses).
>
> The bottom line is that it would be very difficult for you to use the IP
> address logged by IIS or Exchange to figure out who the user was.  Like I
> said before, if you were really concerned about making sure you knew who
> accessed your email, your best bet is to keep your passwords to yourselves.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> --
> "help!!" <h***@discussions.microsoft.com> wrote in message
> news:9044D518-27EE-4419-A8C1-61ECCECF9C91@microsoft.com...
> > Sorry, just to clarify, I think my terminology might be wrong / confusing.
> >
> > This other individual is accessing email through owa from home (Using IE)
> > using my login / password.  I am certain that it is behind a firewall /
> > router and with dsl service.  Not sure if this means the ip address is
> > static
> > or dynamic (not sure if it matters) and if it is at all traceable.  I
> > understand the event logging would monitor access to email onsite/at work
> > from a client computer ... but how about when accessing from a remote
> > location using the web (IE) and owa?
> > ...sorry if this sounds confusing, I am not all that familiar with this or
> > the wording
> >
> > Thanks again!!
> >
> >
> >
> > "help!!" wrote:
> >
> >> Thank you so much for your replies.
> >>
> >> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then
> >> (sorry I am not at all a "techie").  If this individual is accessing my
> >> email
> >> via owa remotely at home behind a firewall / router then there is no way
> >> to
> >> ascertain exactly who is accessing my email ... is this correct?  I wont
> >> be
> >> able to pinpoint who it is.
> >>
> >> Thanks so very much!!
> >>
> >>
> >> "Joe Kaplan" wrote:
> >>
> >> > They would only be able to trace back to the point where it was proxied
> >> > or
> >> > NATed.  Like I said, it would be very difficult to associate the IP
> >> > addresses with anyone in particular with any accuracy.
> >> >
> >> > Joe K.
> >> >
> >> > --
> >> > Joe Kaplan-MS MVP Directory Services Programming
> >> > Co-author of "The .NET Developer's Guide to Directory Services
> >> > Programming"
> >> > http://www.directoryprogramming.net
> >> > --
> >> > "help!!" <h***@discussions.microsoft.com> wrote in message
> >> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com...
> >> > > Would they be able to trace the IP address of the client ... even if
> >> > > the
> >> > > client is behind a firewall at home?
> >> > >
> >> > >
> >> > >
> >> > > "Joe Kaplan" wrote:
> >> > >
> >> > >> What difference would the logging make?  If another user has your
> >> > >> password,
> >> > >> they are you.  Period.
> >> > >>
> >> > >> The only way you could differentiate them would be by the IP address
> >> > >> of
> >> > >> the
> >> > >> client.  This would generally be logged  by IIS for OWA.  However,
> >> > >> if you
> >> > >> don't know the IP address of various clients, it would be difficult
> >> > >> to
> >> > >> take
> >> > >> advantage of this.  It would also be very hard to prove anything by
> >> > >> this.
> >> > >>
> >> > >> I wonder, if they are such trusting types, why even ask about such
> >> > >> things.
> >> > >> If you don't trust other people with your password, don't let them
> >> > >> have
> >> > >> it.
> >> > >>
> >> > >> Joe K.
> >> > >>
> >> > >> --
> >> > >> Joe Kaplan-MS MVP Directory Services Programming
> >> > >> Co-author of "The .NET Developer's Guide to Directory Services
> >> > >> Programming"
> >> > >> http://www.directoryprogramming.net
> >> > >> --
> >> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote
> >> > >> in
> >> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
> >> > >> > The logging occurs regardless of the type of email client:
> >> > >> > Outlook,
> >> > >> > OWA,
> >> > >> > or Outlook Mobile.  Your Exchange administrator can increase the
> >> > >> > level
> >> > >> > of
> >> > >> > auditing to log more details about the activity in your email
> >> > >> > account.
> >> > >> >
> >> > >> > Bryan Phillips
> >> > >> > MCSD, MCDBA, MCSE
> >> > >> > Blog:  http://bphillips76.spaces.live.com
> >> > >> >
> >> > >> >
> >> > >> >
> >> > >> >
> >> > >> > "help!!" <hel***@discussions.microsoft.com> wrote in message
> >> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
> >> > >> >
> >> > >> >> Both at work (Entourage is too slow) and when I'm out of the
> >> > >> >> office, I
> >> > >> >> access
> >> > >> >> my e-mail via our exchange server using a mac and IE, through
> >> > >> >> microsoft
> >> > >> >> outlook web access. There is a password 'system' in place that
> >> > >> >> uses
> >> > >> >> certain
> >> > >> >> letters of our names - we are given our passwords and few people
> >> > >> >> change
> >> > >> >> them
> >> > >> >> - we are trusting types.
> >> > >> >> But it does mean that many of us know each other's passwords. My
> >> > >> >> question
> >> > >> >> is
> >> > >> >> this... in such an 'open' environment, where so many people
> >> > >> >> 'know'
> >> > >> >> each
> >> > >> >> other's passwords, are we all able to just surf each other's
> >> > >> >> mailboxes
> >> > >> >> without detection? I have read here of the 'event 1016' that
> >> > >> >> shows up
> >> > >> >> on
> >> > >> >> the
> >> > >> >> administration logs when someone other than the 'owner' of the
> >> > >> >> account
> >> > >> >> accesses the account. But does this hold true for web access? Is
> >> > >> >> it
> >> > >> >> the
> >> > >> >> case
> >> > >> >> that my e-mail account, or anyone else's for that matter, is an
> >> > >> >> 'open
> >> > >> >> book'
> >> > >> >> when accessed this way or is there a way to detect who is who,
> >> > >> >> especially
> >> > >> >> when the user name and password are correct? Sometimes I read
> >> > >> >> that
> >> > >> >> 1016
> >> > >> >> shows
> >> > >> >> up only when an unsuccessful attempt is made to access, other
> >> > >> >> times I
> >> > >> >> read
> >> > >> >> that it is there every time. Can I, via getting with the
> >> > >> >> administrator,
> >> > >> >> prove
> >> > >> >> that someone, who has my password and is accessing via the web,
> >> > >> >> was
> >> > >> >> reading
> >> > >> >> my e-mail?
> >> > >> >> Thanks in advance.
> >> > >> >
> >> > >>
> >> > >>
> >> > >>
> >> >
> >> >
> >> >
>
>
>

"Joe Kaplan" wrote:

> So, when the user connects via their ISP, they will get an IP address that
> way.  It might be static or dynamic via DHCP or PPPoE.  In any case, only
> the ISP would be able to tell you which of its customers had that IP address
> at that time.  When the user is behind a firewall router, then the traffic
> goes through network address translation (NAT) where they will have a
> private address behind the firewall (possibly many, depending on the
> complexity of the private network).
>
> Also, some ISPs use caching proxy servers which make all outbound web
> traffic appear to be from the same IP address (or set of IP addresses).
>
> The bottom line is that it would be very difficult for you to use the IP
> address logged by IIS or Exchange to figure out who the user was.  Like I
> said before, if you were really concerned about making sure you knew who
> accessed your email, your best bet is to keep your passwords to yourselves.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> --
> "help!!" <h***@discussions.microsoft.com> wrote in message
> news:9044D518-27EE-4419-A8C1-61ECCECF9C91@microsoft.com...
> > Sorry, just to clarify, I think my terminology might be wrong / confusing.
> >
> > This other individual is accessing email through owa from home (Using IE)
> > using my login / password.  I am certain that it is behind a firewall /
> > router and with dsl service.  Not sure if this means the ip address is
> > static
> > or dynamic (not sure if it matters) and if it is at all traceable.  I
> > understand the event logging would monitor access to email onsite/at work
> > from a client computer ... but how about when accessing from a remote
> > location using the web (IE) and owa?
> > ...sorry if this sounds confusing, I am not all that familiar with this or
> > the wording
> >
> > Thanks again!!
> >
> >
> >
> > "help!!" wrote:
> >
> >> Thank you so much for your replies.
> >>
> >> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then
> >> (sorry I am not at all a "techie").  If this individual is accessing my
> >> email
> >> via owa remotely at home behind a firewall / router then there is no way
> >> to
> >> ascertain exactly who is accessing my email ... is this correct?  I wont
> >> be
> >> able to pinpoint who it is.
> >>
> >> Thanks so very much!!
> >>
> >>
> >> "Joe Kaplan" wrote:
> >>
> >> > They would only be able to trace back to the point where it was proxied
> >> > or
> >> > NATed.  Like I said, it would be very difficult to associate the IP
> >> > addresses with anyone in particular with any accuracy.
> >> >
> >> > Joe K.
> >> >
> >> > --
> >> > Joe Kaplan-MS MVP Directory Services Programming
> >> > Co-author of "The .NET Developer's Guide to Directory Services
> >> > Programming"
> >> > http://www.directoryprogramming.net
> >> > --
> >> > "help!!" <h***@discussions.microsoft.com> wrote in message
> >> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com...
> >> > > Would they be able to trace the IP address of the client ... even if
> >> > > the
> >> > > client is behind a firewall at home?
> >> > >
> >> > >
> >> > >
> >> > > "Joe Kaplan" wrote:
> >> > >
> >> > >> What difference would the logging make?  If another user has your
> >> > >> password,
> >> > >> they are you.  Period.
> >> > >>
> >> > >> The only way you could differentiate them would be by the IP address
> >> > >> of
> >> > >> the
> >> > >> client.  This would generally be logged  by IIS for OWA.  However,
> >> > >> if you
> >> > >> don't know the IP address of various clients, it would be difficult
> >> > >> to
> >> > >> take
> >> > >> advantage of this.  It would also be very hard to prove anything by
> >> > >> this.
> >> > >>
> >> > >> I wonder, if they are such trusting types, why even ask about such
> >> > >> things.
> >> > >> If you don't trust other people with your password, don't let them
> >> > >> have
> >> > >> it.
> >> > >>
> >> > >> Joe K.
> >> > >>
> >> > >> --
> >> > >> Joe Kaplan-MS MVP Directory Services Programming
> >> > >> Co-author of "The .NET Developer's Guide to Directory Services
> >> > >> Programming"
> >> > >> http://www.directoryprogramming.net
> >> > >> --
> >> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote
> >> > >> in
> >> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
> >> > >> > The logging occurs regardless of the type of email client:
> >> > >> > Outlook,
> >> > >> > OWA,
> >> > >> > or Outlook Mobile.  Your Exchange administrator can increase the
> >> > >> > level
> >> > >> > of
> >> > >> > auditing to log more details about the activity in your email
> >> > >> > account.
> >> > >> >
> >> > >> > Bryan Phillips
> >> > >> > MCSD, MCDBA, MCSE
> >> > >> > Blog:  http://bphillips76.spaces.live.com
> >> > >> >
> >> > >> >
> >> > >> >
> >> > >> >
> >> > >> > "help!!" <hel***@discussions.microsoft.com> wrote in message
> >> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
> >> > >> >
> >> > >> >> Both at work (Entourage is too slow) and when I'm out of the
> >> > >> >> office, I
> >> > >> >> access
> >> > >> >> my e-mail via our exchange server using a mac and IE, through
> >> > >> >> microsoft
> >> > >> >> outlook web access. There is a password 'system' in place that
> >> > >> >> uses
> >> > >> >> certain
> >> > >> >> letters of our names - we are given our passwords and few people
> >> > >> >> change
> >> > >> >> them
> >> > >> >> - we are trusting types.
> >> > >> >> But it does mean that many of us know each other's passwords. My
> >> > >> >> question
> >> > >> >> is
> >> > >> >> this... in such an 'open' environment, where so many people
> >> > >> >> 'know'
> >> > >> >> each
> >> > >> >> other's passwords, are we all able to just surf each other's
> >> > >> >> mailboxes
> >> > >> >> without detection? I have read here of the 'event 1016' that
> >> > >> >> shows up
> >> > >> >> on
> >> > >> >> the
> >> > >> >> administration logs when someone other than the 'owner' of the
> >> > >> >> account
> >> > >> >> accesses the account. But does this hold true for web access? Is
> >> > >> >> it
> >> > >> >> the
> >> > >> >> case
> >> > >> >> that my e-mail account, or anyone else's for that matter, is an
> >> > >> >> 'open
> >> > >> >> book'
> >> > >> >> when accessed this way or is there a way to detect who is who,
> >> > >> >> especially
> >> > >> >> when the user name and password are correct? Sometimes I read
> >> > >> >> that
> >> > >> >> 1016
> >> > >> >> shows
> >> > >> >> up only when an unsuccessful attempt is made to access, other
> >> > >> >> times I
> >> > >> >> read
> >> > >> >> that it is there every time. Can I, via getting with the
> >> > >> >> administrator,
> >> > >> >> prove
> >> > >> >> that someone, who has my password and is accessing via the web,
> >> > >> >> was
> >> > >> >> reading
> >> > >> >> my e-mail?
> >> > >> >> Thanks in advance.
> >> > >> >
> >> > >>
> >> > >>
> >> > >>
> >> >
> >> >
> >> >
>
>
>

"help!!" <h***@discussions.microsoft.com> wrote in message
news:D562B5A9-2679-46A8-B954-3C17B03916C3@microsoft.com...
> Sorry one more question...
>
> ...what if they are accessing their own email via owa from home as well as
> mine ... can it be traced / verified this way? ... based on IP addresses?
>

>Sorry one more question...
>
>...what if they are accessing their own email via owa from home as well as
>mine ... can it be traced / verified this way? ... based on IP addresses?
>
>
>
>"Joe Kaplan" wrote:
>
>> So, when the user connects via their ISP, they will get an IP address that
>> way.  It might be static or dynamic via DHCP or PPPoE.  In any case, only
>> the ISP would be able to tell you which of its customers had that IP address
>> at that time.  When the user is behind a firewall router, then the traffic
>> goes through network address translation (NAT) where they will have a
>> private address behind the firewall (possibly many, depending on the
>> complexity of the private network).
>>
>> Also, some ISPs use caching proxy servers which make all outbound web
>> traffic appear to be from the same IP address (or set of IP addresses).
>>
>> The bottom line is that it would be very difficult for you to use the IP
>> address logged by IIS or Exchange to figure out who the user was.  Like I
>> said before, if you were really concerned about making sure you knew who
>> accessed your email, your best bet is to keep your passwords to yourselves.
>>
>> Joe K.
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services Programming"
>> http://www.directoryprogramming.net
>> --
>> "help!!" <h***@discussions.microsoft.com> wrote in message
>> news:9044D518-27EE-4419-A8C1-61ECCECF9C91@microsoft.com...
>> > Sorry, just to clarify, I think my terminology might be wrong / confusing.
>> >
>> > This other individual is accessing email through owa from home (Using IE)
>> > using my login / password.  I am certain that it is behind a firewall /
>> > router and with dsl service.  Not sure if this means the ip address is
>> > static
>> > or dynamic (not sure if it matters) and if it is at all traceable.  I
>> > understand the event logging would monitor access to email onsite/at work
>> > from a client computer ... but how about when accessing from a remote
>> > location using the web (IE) and owa?
>> > ...sorry if this sounds confusing, I am not all that familiar with this or
>> > the wording
>> >
>> > Thanks again!!
>> >
>> >
>> >
>> > "help!!" wrote:
>> >
>> >> Thank you so much for your replies.
>> >>
>> >> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then
>> >> (sorry I am not at all a "techie").  If this individual is accessing my
>> >> email
>> >> via owa remotely at home behind a firewall / router then there is no way
>> >> to
>> >> ascertain exactly who is accessing my email ... is this correct?  I wont
>> >> be
>> >> able to pinpoint who it is.
>> >>
>> >> Thanks so very much!!
>> >>
>> >>
>> >> "Joe Kaplan" wrote:
>> >>
>> >> > They would only be able to trace back to the point where it was proxied
>> >> > or
>> >> > NATed.  Like I said, it would be very difficult to associate the IP
>> >> > addresses with anyone in particular with any accuracy.
>> >> >
>> >> > Joe K.
>> >> >
>> >> > --
>> >> > Joe Kaplan-MS MVP Directory Services Programming
>> >> > Co-author of "The .NET Developer's Guide to Directory Services
>> >> > Programming"
>> >> > http://www.directoryprogramming.net
>> >> > --
>> >> > "help!!" <h***@discussions.microsoft.com> wrote in message
>> >> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com...
>> >> > > Would they be able to trace the IP address of the client ... even if
>> >> > > the
>> >> > > client is behind a firewall at home?
>> >> > >
>> >> > >
>> >> > >
>> >> > > "Joe Kaplan" wrote:
>> >> > >
>> >> > >> What difference would the logging make?  If another user has your
>> >> > >> password,
>> >> > >> they are you.  Period.
>> >> > >>
>> >> > >> The only way you could differentiate them would be by the IP address
>> >> > >> of
>> >> > >> the
>> >> > >> client.  This would generally be logged  by IIS for OWA.  However,
>> >> > >> if you
>> >> > >> don't know the IP address of various clients, it would be difficult
>> >> > >> to
>> >> > >> take
>> >> > >> advantage of this.  It would also be very hard to prove anything by
>> >> > >> this.
>> >> > >>
>> >> > >> I wonder, if they are such trusting types, why even ask about such
>> >> > >> things.
>> >> > >> If you don't trust other people with your password, don't let them
>> >> > >> have
>> >> > >> it.
>> >> > >>
>> >> > >> Joe K.
>> >> > >>
>> >> > >> --
>> >> > >> Joe Kaplan-MS MVP Directory Services Programming
>> >> > >> Co-author of "The .NET Developer's Guide to Directory Services
>> >> > >> Programming"
>> >> > >> http://www.directoryprogramming.net
>> >> > >> --
>> >> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote
>> >> > >> in
>> >> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl...
>> >> > >> > The logging occurs regardless of the type of email client:
>> >> > >> > Outlook,
>> >> > >> > OWA,
>> >> > >> > or Outlook Mobile.  Your Exchange administrator can increase the
>> >> > >> > level
>> >> > >> > of
>> >> > >> > auditing to log more details about the activity in your email
>> >> > >> > account.
>> >> > >> >
>> >> > >> > Bryan Phillips
>> >> > >> > MCSD, MCDBA, MCSE
>> >> > >> > Blog:  http://bphillips76.spaces.live.com
>> >> > >> >
>> >> > >> >
>> >> > >> >
>> >> > >> >
>> >> > >> > "help!!" <hel***@discussions.microsoft.com> wrote in message
>> >> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com:
>> >> > >> >
>> >> > >> >> Both at work (Entourage is too slow) and when I'm out of the
>> >> > >> >> office, I
>> >> > >> >> access
>> >> > >> >> my e-mail via our exchange server using a mac and IE, through
>> >> > >> >> microsoft
>> >> > >> >> outlook web access. There is a password 'system' in place that
>> >> > >> >> uses
>> >> > >> >> certain
>> >> > >> >> letters of our names - we are given our passwords and few people
>> >> > >> >> change
>> >> > >> >> them
>> >> > >> >> - we are trusting types.
>> >> > >> >> But it does mean that many of us know each other's passwords. My
>> >> > >> >> question
>> >> > >> >> is
>> >> > >> >> this... in such an 'open' environment, where so many people
>> >> > >> >> 'know'
>> >> > >> >> each
>> >> > >> >> other's passwords, are we all able to just surf each other's
>> >> > >> >> mailboxes
>> >> > >> >> without detection? I have read here of the 'event 1016' that
>> >> > >> >> shows up
>> >> > >> >> on
>> >> > >> >> the
>> >> > >> >> administration logs when someone other than the 'owner' of the
>> >> > >> >> account
>> >> > >> >> accesses the account. But does this hold true for web access? Is
>> >> > >> >> it
>> >> > >> >> the
>> >> > >> >> case
>> >> > >> >> that my e-mail account, or anyone else's for that matter, is an
>> >> > >> >> 'open
>> >> > >> >> book'
>> >> > >> >> when accessed this way or is there a way to detect who is who,
>> >> > >> >> especially
>> >> > >> >> when the user name and password are correct? Sometimes I read
>> >> > >> >> that
>> >> > >> >> 1016
>> >> > >> >> shows
>> >> > >> >> up only when an unsuccessful attempt is made to access, other
>> >> > >> >> times I
>> >> > >> >> read
>> >> > >> >> that it is there every time. Can I, via getting with the
>> >> > >> >> administrator,
>> >> > >> >> prove
>> >> > >> >> that someone, who has my password and is accessing via the web,
>> >> > >> >> was
>> >> > >> >> reading
>> >> > >> >> my e-mail?
>> >> > >> >> Thanks in advance.
>> >> > >> >
>> >> > >>
>> >> > >>
>> >> > >>
>> >> >
>> >> >
>> >> >
>>
>>
>>