Auditing is the only other way to record who opened a mailbox. You'd want to audit the event log to see what you get and cross reference that with the user id's. Other processes that open the mailbox include MAPI based virus scanners and any other MAPI based access to the mailboxes. Depends on what you have inst -----Original Message----- From: Stelley, Douglas [mailto:dstelley@xxxxxxx] Sent: Wednesday, October 15, 2003 10:03 AM To: [ExchangeList] Subject: [exchangelist] Exchange tool AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.msexchange.org/thawte/ I've been tasked to provide a report that show when users last opened their mailbox. In ESM, I can go to mailboxes and there is a column "Last Logon Time". This is no good, as each mailbox is touched by "NT AUTHORITY\SYSTEM" too often to be of any use. I need to know when the user got in, not the system. Does anyone know of, or use any such tool? On a similar note, besides the Mailbox Manager, is there any other process that would be using "NT AUTHORITY\SYSTEM" to touch a mailbox? If I stopped, or only ran the management process, say once a month, could I then use the "Last Logon Time" in mailboxes for this report? p.s. the boss wants to know who doesn't yet use the email they've so generously provided..... Doug Stelley Network Administrator Olean General Hospital Get Thawte's New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.msexchange.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') Confidentiality Notice: The information contained in this message may be legally privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any release, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error please notify the author immediately by replying to this message and deleting the original message. Thank you.