BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 06-10-2007, 09:46 PM   #1 (permalink)
New Member
 
Join Date: Jun 2007
Model: 8700
PIN: N/A
Carrier: AT&T
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Audit Logs

Please Login to Remove!

I removed a user that was recently terminated and then a week later the user was added back to the BES. Where can I look to find out who added this user back. Huge Security issue and anyone's help would be greatly appreciated!!
Offline  
Old 06-10-2007, 10:03 PM   #2 (permalink)
x14
BlackBerry Extraordinaire
 
Join Date: Jul 2005
Location: NYC
Model: 9800
OS: 6.0.0.546
Carrier: AT&T
Posts: 2,344
Post Thanks: 0
Thanked 17 Times in 16 Posts
Default

User add/remove shows up in the Message Agent log. It won't show you who did it.
__________________
Exchange 2007/BES 5.0.2 MR2
Offline  
Old 06-22-2007, 06:38 PM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Jul 2005
Model: 8300
Carrier: AT&T
Posts: 27
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

Here's a snippet of my script if you can figure out the SQL. It shows who added the user, I'm not sure if there's a way to find out who deleted the user (didn't check yet)

Code:
<?php
    /**
     * Returns an array of users who were added on MM/DD/YYYY (string) or between MM/DD/YYYY-MM/DD/YYYY (array)
     *
     * Example Output:
     * Array
     * (
     *     [0] => Array
     *         (
     *             [id] => 5775
     *             [username] => Doe, Jane
     *             [cn_username] => CN=Jane Doe/OU=Location/OU=EAST/O=Company
     *             [pin] => 12345678
     *             [created] => Apr 2 2007  2:36PM
     *             [password] =>
     *             [bes] => BES1
     *             [added_by] => XYZ_CORP\HelpDesk2
     *             [email] => jane.doe@company.com
     *         )
     *
     * @param mixed $timeframe
     * @return array
     */
    function get_added_list($timeframe)
    {
        // date format: Apr 20 2007
        $convert = 'convert(varchar(10),CreationTime,101)';
        if (is_array($timeframe))
        {
        $where = $convert . ' >= ' . "'".$timeframe[0]."'"
                  . ' AND ' . $convert . ' < ' . "'".$timeframe[1]."'";
        }
        else
        {
            $where = $convert . ' >= ' . "'".$timeframe."'"
                  . ' AND ' . $convert . ' < ' . "'".date('m/d/Y', strtotime('tomorrow', strtotime($timeframe)))."'";
        }

        $query = "SELECT
                	uc.id,
                	uc.DisplayName as username,
                	uc.UserName as cn_username,
                	uc.MailboxSMTPAddr as email,
                	uc.PIN as pin,
                	uc.CreationTime as created,
                	uc.KeyGenPassword as password,
                	uc.KeyGenExpiryTime as ea_timeout,
                	sc.MachineName as bes,
                	sch.SecDisplayName as added_by
                FROM UserConfig as uc
                INNER JOIN ServerConfig as sc
                	ON sc.id = uc.ServerConfigId
                INNER JOIN ServerConfigHistory as sch
                	ON uc.id = sch.UserConfigId
                WHERE $where and sch.operation = 'I'
                group by
                	uc.id,
                	uc.DisplayName,
                	uc.UserName,
                	uc.MailboxSMTPAddr,
                	uc.PIN,
                	uc.CreationTime,
                	uc.KeyGenPassword,
                	sc.MachineName,
                	sch.SecDisplayName,
                	uc.KeyGenExpiryTime
                ORDER BY bes, username";

        return $this->mssql_db->get_results($query,ARRAY_A);
    }
?>

Last edited by zerofill : 06-22-2007 at 06:42 PM.
Offline  




Copyright 2004-2016 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.