MAPI

Protocols (Regular Profile) : Managing Audit, Shadowing and Alerts for Protocols : Audit and Shadowing Rights : MAPI

MAPI

Audit and shadowing rights applicable to the MAPI protocol:

•Audit: Connection - Enables the auditing of user attempts to connect the Outlook client to Microsoft Exchange Server.

The Connection action and the IP address or the name of the host are written to the log. A successful connection to the Microsoft Exchange Server can generate several Connection events.

•Audit: Incoming Messages, Incoming Files - Enables the auditing of user attempts to receive an e-mail message with or without attachments from Microsoft Exchange Server to the Outlook client.

The Incoming Message action, the number of attachments, the e-mail address of the sender and recipients, the message subject are written to the log. The sender address precedes recipient addresses (sender => recipient1, recipient2).

•Audit: Outgoing Messages, Outgoing Files - Enables the auditing of user attempts to send an e-mail message with or without attachments from the Outlook client to Microsoft Exchange Server.

The Outgoing Message action, the number of attachments, the e-mail address of the sender and recipients, the message subject are written to the log. The sender address precedes recipient addresses (sender => recipient1, recipient2).

The number of attachments is always written to the Audit Log.

•Shadowing: Incoming Messages, Incoming Files - Enables the shadow copying of received e-mail messages with or without attachments.

Shadow copies of received e-mail messages with or without attachments are written to the log as .eml files. These files can be opened, for example, in Microsoft Outlook Express, Windows Mail, or Mozilla Thunderbird.

•Shadowing: Outgoing Messages, Outgoing Files - Enables the shadow copying of sent e-mail messages with or without attachments.

Shadow copies of sent e-mail messages with or without attachments are written to the log as .eml files. These files can be opened, for example, in Microsoft Outlook Express, Windows Mail, or Mozilla Thunderbird.

The number of attachments is always written to the Shadow Log.

Note:

•When trying to open a .eml file from the Shadow Log, it may appear that the file cannot be opened by using Outlook 2007. For instructions on how to resolve this issue, see Microsoft’s article at support.microsoft.com/kb/956693.

•The audit and shadowing rights for the MAPI protocol also apply to the drafts of the messages not sent from Outlook to Exchange Server. Thus, if the Outlook user has the right to send messages, DeviceLock would log the audit event and/or create the shadow copy for the saved message draft when the user closes Outlook without sending the message. If the user does not have that right, the audit event and/or shadow copy would be created when saving the message draft in Outlook.