Open Other users folders

[Guest]

Recently we upgraded all our Office installations to Office 2003. Now anyone
with just a little bit of knowledge can open anyone else's inbox, just by
going to:
File> Open> other users folder
and typing in the user names folder, and whalla now they can view anyone
else's mail.
This stinks as far as security is concerned. We did default installs and
never had this problem with Office 2000. No one has made any changes to the
Exchange server either.
When I check the permissions of the Default and Anonymous they both have
None for permissions.
Why would anyone be allowed to view other people's inbox this easily.

 

[neo [mvp outlook]]

You didn't mention what version of Exchange, but this generally means there
is a server side security configuration issue. For example, if the site is
Exchange 200x, then I would suspect a security configuration error in Active
Directory. (Exchange 5.5 has its own directory namespace and permissions
can be set there as well that would allow such things to happen.)

/neo

PS - By the way, the out-of-box configuration of Exchange 5.5 and newer
doesn't allow what you describe.

 

[Guest]

We're running 2 Exchange 2000 server, that were both upgraded from 5.5.

I just did some testing on another computer and I think you're right about
the permissions.

We're running 2 exchange servers and only one of the servers is affected by
this and it happens to be a remote server for us. Everyone that is on that
remote server is able to open anyone else's outlook folders on that server
and not on the other server. Which is a bit of a relief but still some work
needs to be done.

Thanks for the quick reply.

 

[Guest]

I've checked the permissions on the servers and from what I can tell they
appear to be identical. So at this point I'm stumped as to what to look for.
Any help would be appreciated.

 

[neo [mvp outlook]]

To review which users/groups have "Send As" and "Receive As" rights. You
will have to check 2 places to find this out. The first is in Active
Directory Users and Computers (the security tab on said user object) and the
other is in Exchange System Manager (bring up the properties on the mailbox
store and go to the security tab).

Since you mentioned this behavior only exists on one server and not the
other, I would start the check with Exchange System Manager and check the
rights on the mailbox store first.

 

[Guest]

That did the trick. I kept looking at the ACL's and just wasn't figuring out
where the permissions were being inherited from.

The only difference from server to server was that the Authenticated User
had full control on one server and read properties on the other when I looked
at the ACL for any user on each server.

I started at the store level and moved up to the server level since the
permissions were being inherited at the store level. From that point I just
compared the differences of each set of permissions then blottoed out the
difference on the other server.

Thank you very much for your help.