Any user can log into exchange 2003 owa and it able to get anyones mail box by going to to the address bar after the http:webmail.domain.org and entering another users user id. For example they log into http://webmail.domainname.org and then after they are logged in they can just add /userid in the adress bar after the http://webmail.domainname.org and they are in another users mail box. It has been sometme since I have had to deal with exchange 2003 security settings did not know if I should examine IIS permissions or mailbox permissions and two I did not want to go start chaning things and break something else.

On Sat, 10 Sep 2011 23:42:25 +0000, MLFJ wrote: >Any user can log into exchange 2003 owa and it able to get anyones mail box by going to to the address bar after the http:webmail.domain.org and entering another users user id. Verify that you haven't given full mailbox access to some group like "Everyone" or "Authenticated Users". If you have, use ADSIEDIT and fid out where you've done that and undo it. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

In ESM go to the very top level, properties and security tab, sometimes admins mistakenly give everyone, authenticated users, full permissions or receive all (equivalent to full mailbox access). If you don't see it at the root work your way down to the org level, storage group, database and take a look at the perms there. If you don't see the security tab need to add the reg key. How to enable the Security tab for the organization object in Exchange 2000 and in Exchange 2003 http://support.microsoft.com/kb/264733James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

In ESM go to the very top level, properties and security tab, sometimes admins mistakenly give everyone, authenticated users, full permissions or receive all (equivalent to full mailbox access). If you don't see it at the root work your way down to the org level, storage group, database and take a look at the perms there. If you don't see the security tab need to add the reg key. How to enable the Security tab for the organization object in Exchange 2000 and in Exchange 2003 http://support.microsoft.com/kb/264733James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com