Exchange 2003 Security Issue
Any user can log into Exchange 2003 OWA and is able to get into anyone's mailbox by going to the address bar after http://webmail.domain.org and entering another user's user ID. For example, they log into http://webmail.domainname.org and then, after they are logged in, they can just add /userid in the address bar after http://webmail.domainname.org and they are in another user's mailbox. It has been some time since I have had to deal with Exchange 2003 security settings. I did not know if I should examine IIS permissions or mailbox permissions, and I also did not want to start changing things and break something else.
September 10th, 2011 7:48pm
On Sat, 10 Sep 2011 23:42:25 +0000, MLFJ wrote:
>Any user can log into Exchange 2003 OWA and is able to get into anyone's mailbox by going to the address bar after http://webmail.domain.org and entering another user's user ID.
Verify that you haven't given full mailbox access to some group like
"Everyone" or "Authenticated Users". If you have, use ADSIEDIT and find
out where you've done that and undo it.
---
Rich Matheisen
MCSE+I, Exchange MVP
September 10th, 2011 9:05pm
In ESM, go to the very top level, Properties, and the Security tab. Sometimes admins mistakenly give Everyone or Authenticated Users Full Control or Receive As (equivalent to full mailbox access). If you don't see it at the root, work your way down to the org level, storage group, and database, and take a look at the perms there. If you don't see the Security tab, you need to add the reg key.
How to enable the Security tab for the organization object in Exchange 2000 and in Exchange 2003
http://support.microsoft.com/kb/264733
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
September 11th, 2011 6:55pm
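The permission check described in the replies above can also be done read-only from PowerShell; this is an added example, not part of either poster's reply. It assumes a domain-joined machine with read access to the Configuration partition, and it looks only at the organization, administrative group, server, storage group and mailbox store objects, not at permissions set on individual mailboxes.

```powershell
# Read-only audit: report Allow ACEs that give Everyone or Authenticated Users
# Full Control or Receive-As on Exchange 2003 configuration objects.
$receiveAs  = [Guid]'ab721a56-1e2f-11d0-9819-00aa0040529b'   # Receive-As extended right
$allRights  = [Guid]::Empty                                   # ACE covers every extended right
$broadSids  = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users' }
$genericAll = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$extended   = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Exchange stores its hierarchy under the Configuration naming context.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$base     = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"

$searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
$searcher.PageSize = 500
$searcher.Filter = '(|(objectClass=msExchOrganizationContainer)(objectClass=msExchAdminGroup)' +
                   '(objectClass=msExchExchangeServer)(objectClass=msExchStorageGroup)' +
                   '(objectClass=msExchPrivateMDB))'

foreach ($hit in $searcher.FindAll()) {
    $entry = $hit.GetDirectoryEntry()
    # Include inherited ACEs so the report shows every level an ACE reaches;
    # IsInherited = False marks the object where it was actually set.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if (-not $broadSids.ContainsKey($sid)) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $rights  = [int]$ace.ActiveDirectoryRights
        $isFull  = ($rights -band $genericAll) -eq $genericAll
        $isRecv  = (($rights -band $extended) -ne 0) -and
                   ($ace.ObjectType -eq $receiveAs -or $ace.ObjectType -eq $allRights)
        if (-not ($isFull -or $isRecv)) { continue }

        $right = 'Receive As'
        if ($isFull) { $right = 'Full Control' }
        New-Object PSObject -Property @{
            Object      = $entry.distinguishedName.Value
            Trustee     = $broadSids[$sid]
            Right       = $right
            IsInherited = $ace.IsInherited
        }
    }
}
```

Rows with IsInherited set to False point at the object whose Security tab (or ADSIEDIT entry) holds the ACE to remove.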