Outlook2003 Security problem?

  • Thread starter Thread starter MDS
  • Start date Start date
M

MDS

Hey all,

We use Exchange2003 and Outlook2003 in cached mode.

On some computers we force users to log on with a special account (lets say
PROP01).
But people want to reed there mail and preferable with outlook (Yes I tried
to explain OWA).
So they create profiles under the PROP01 (for each who uses the computer to
do some testing)

But, When someone else, by mistake uses a profile of someone else (Lets say
User A, who is logged as PROD01, use the profile of user B) the see the
mails and then are prompted for a user name and password.

I thought outlook would NOT open prior to Authentication...but I was
suprised I could read (see) the (old) mails (nor replication)....Supose
there were confidential mails and the view is in preview.(as it was on my
test)!!!!

Is this normal????

Marc
 
Yes, because you used cached Exchange mode where messages are stored locally
so there is no authentication needed unless you want to synchronize.

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
 
OK, I understand, but I feel I need to notify my users of this...especialy
is users share there computer...
Thx for the quick responce
 
That's best indeed and you're welcome! :-)

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
 
You may want to set Outlook to open in a non-mail folder, such as Outlook
Today where only events and not the actual mail is displayed. Or create an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the SWEN virus, all mail sent to my personal account will be deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but I was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
 
This still allows you to click through all the folders that are available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
Milly Staples said:
You may want to set Outlook to open in a non-mail folder, such as Outlook
Today where only events and not the actual mail is displayed. Or create an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the SWEN virus, all mail sent to my personal account will be deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but I was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
 
Indead..
Can't we launch this as a (personal) security bug? Even if this is Design

Marc

Roady said:
This still allows you to click through all the folders that are available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
Click to expand...
wrote in message news:%[email protected]...
You may want to set Outlook to open in a non-mail folder, such as Outlook
Today where only events and not the actual mail is displayed. Or create an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the SWEN virus, all mail sent to my personal account will be deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but I was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
Click to expand...
 
I'll try but personally I wouldn't want to cahce anything on a public
computer.

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
Indead..
Can't we launch this as a (personal) security bug? Even if this is Design

Marc

message news:[email protected]...
This still allows you to click through all the folders that are available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
Click to expand...
wrote in message news:%[email protected]...
You may want to set Outlook to open in a non-mail folder, such as Outlook
Today where only events and not the actual mail is displayed. Or
Click to expand...
create
an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the SWEN virus, all mail sent to my personal account will be deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but I was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
Click to expand...
Click to expand...
 
I'm not going to file this as an security issue.
Offline folders always behaved this way so it's not limited to Cached
Exchange mode. Like I mentioned before; I wouldn't want to have cached
anything from me on a public computer. Also caching a lot of mailboxes will
use a lot of harddisk space.
Also, how should they secure it? If you must authenticate first then Offline
folders would loose their functionality. Setting a profile password means
that you'll have to authenticate twice to log-in. I don't think this is
something the end-user would prefer. Also the profile password wouldn't be
centrally managed meaning it'll be quite a hassle if the end-user forgets
his/her profile password.

Disable Cached Exchange mode on the public computer and your worries are
over.

Regards,
--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...
Tip of the month:
-Tips for cleaning up your mailbox
Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net
(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
Indead..
Can't we launch this as a (personal) security bug? Even if this is Design

Marc

in
message news:[email protected]...
This still allows you to click through all the folders that are available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
Click to expand...
wrote in message news:%[email protected]...
You may want to set Outlook to open in a non-mail folder, such as Outlook
Today where only events and not the actual mail is displayed. Or
create an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the SWEN virus, all mail sent to my personal account will be deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in
your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but I
was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
Click to expand...
Click to expand...
 
True...100% agree, but these are NOT public PC's,these are more like
sharedPC's.And Cache mode is setup as a standard when creating a new policy


Roady said:
I'll try but personally I wouldn't want to cahce anything on a public
computer.

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
Indead..
Can't we launch this as a (personal) security bug? Even if this is Design

Marc

message news:[email protected]...
This still allows you to click through all the folders that are available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
Click to expand...
wrote in message You may want to set Outlook to open in a non-mail folder, such as Outlook
Today where only events and not the actual mail is displayed. Or create
an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the SWEN virus, all mail sent to my personal account will be deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but I was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
Click to expand...
Click to expand...
 
Well a PC in a networkenvironment that is accessible to all users in that
environment is still called a public PC as you can't guarantee personal
security of stored data on that PC. ;-)

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...
Tip of the month:
-Tips for cleaning up your mailbox
Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net
(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
True...100% agree, but these are NOT public PC's,these are more like
sharedPC's.And Cache mode is setup as a standard when creating a new
policy


in
message news:%[email protected]...
I'll try but personally I wouldn't want to cahce anything on a public
computer.

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
Indead..
Can't we launch this as a (personal) security bug? Even if this is Design

Marc

"Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
wrote in
message This still allows you to click through all the folders that are available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
"Milly Staples [MVP - Outlook]"
<[email protected]>
wrote in message You may want to set Outlook to open in a non-mail folder, such as
Outlook
Today where only events and not the actual mail is displayed. Or create
an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due
to
the SWEN virus, all mail sent to my personal account will be
deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]"
<newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but
I was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
Click to expand...
Click to expand...
 
OK, point taken.
Your right with your statement, but MS should warn people, now there setting
it as a default...Where is the security thought now when they do that? Look,
I'm not shooting at MS, but I guess a lot of people (admins) are not aware
of this "thing" since most of them have a "personal" PC and not a public
one.

Marc

Roady said:
I'm not going to file this as an security issue.
Offline folders always behaved this way so it's not limited to Cached
Exchange mode. Like I mentioned before; I wouldn't want to have cached
anything from me on a public computer. Also caching a lot of mailboxes will
use a lot of harddisk space.
Also, how should they secure it? If you must authenticate first then Offline
folders would loose their functionality. Setting a profile password means
that you'll have to authenticate twice to log-in. I don't think this is
something the end-user would prefer. Also the profile password wouldn't be
centrally managed meaning it'll be quite a hassle if the end-user forgets
his/her profile password.

Disable Cached Exchange mode on the public computer and your worries are
over.

Regards,
--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...
Tip of the month:
-Tips for cleaning up your mailbox
Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net
(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
Indead..
Can't we launch this as a (personal) security bug? Even if this is Design

Marc

in
message news:[email protected]...
This still allows you to click through all the folders that are available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
Click to expand...
wrote in message You may want to set Outlook to open in a non-mail folder, such as Outlook
Today where only events and not the actual mail is displayed. Or
create
an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the SWEN virus, all mail sent to my personal account will be deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in
your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but I
was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
Click to expand...
Click to expand...
 
What's in a name..
We are an ISP the this is another story...:-)

Marc

Roady said:
Well a PC in a networkenvironment that is accessible to all users in that
environment is still called a public PC as you can't guarantee personal
security of stored data on that PC. ;-)

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...
Tip of the month:
-Tips for cleaning up your mailbox
Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net
(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
True...100% agree, but these are NOT public PC's,these are more like
sharedPC's.And Cache mode is setup as a standard when creating a new
policy


in
message news:%[email protected]...
I'll try but personally I wouldn't want to cahce anything on a public
computer.

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
Indead..
Can't we launch this as a (personal) security bug? Even if this is Design

Marc

"Roady [MVP]" <newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
wrote
in
message This still allows you to click through all the folders that are
available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
"Milly Staples [MVP - Outlook]"
<[email protected]>
wrote in message You may want to set Outlook to open in a non-mail folder, such as
Outlook
Today where only events and not the actual mail is displayed. Or
create
an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due
to
the SWEN virus, all mail sent to my personal account will be
deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]"
<newsgroups_DELETE_@_DELETE_sparnaaij_NO_._SPAM_net>
| wrote in message || Yes, because you used cached Exchange mode where messages are
stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in
your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook
(Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but
I
was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
Click to expand...
Click to expand...
 
I partly agree. Yes it is the default which isn't "secure" for a public
computer but so are many things. Setting up a public PC can almost be stated
as an art; once I had to setup a public computer where everything should be
disabled except for 1 survey site and the calculator. This was to fully
protect the survey results and make the network unhackable and
indestructable (easiest 14 hours of overtime in providing service over it on
a Sunday so even double that in payment). It took some time to set it up
though.

A thing you should also consider on a public PC is the Passport sites and
many other websites that caches or allows you to store credentials locally
to ensure the privacy of the ones using the computer. This setting, the
cached Exchange mode and many other settings are to be considered when
setting up a Public PC. That admins are not aware of this says something
about te admin (sorry, if this includes you as well) as this is something
the admin has to realize, look into and TEST; it's his/her job.

Regards,
--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
OK, point taken.
Your right with your statement, but MS should warn people, now there setting
it as a default...Where is the security thought now when they do that? Look,
I'm not shooting at MS, but I guess a lot of people (admins) are not aware
of this "thing" since most of them have a "personal" PC and not a public
one.

Marc

message news:[email protected]...
I'm not going to file this as an security issue.
Offline folders always behaved this way so it's not limited to Cached
Exchange mode. Like I mentioned before; I wouldn't want to have cached
anything from me on a public computer. Also caching a lot of mailboxes will
use a lot of harddisk space.
Also, how should they secure it? If you must authenticate first then Offline
folders would loose their functionality. Setting a profile password means
that you'll have to authenticate twice to log-in. I don't think this is
something the end-user would prefer. Also the profile password wouldn't be
centrally managed meaning it'll be quite a hassle if the end-user forgets
his/her profile password.

Disable Cached Exchange mode on the public computer and your worries are
over.

Regards,
--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...
Tip of the month:
-Tips for cleaning up your mailbox
Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net
(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
MDS said:
Indead..
Can't we launch this as a (personal) security bug? Even if this is Design

Marc

in
message This still allows you to click through all the folders that are available
off-line/cached

--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tip of the month:
-Tips for cleaning up your mailbox

Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)
-----
"Milly Staples [MVP - Outlook]"
<[email protected]>
wrote in message You may want to set Outlook to open in a non-mail folder, such as
Outlook
Today where only events and not the actual mail is displayed. Or
create
an
empty folder and then set Outlook to open to that folder.

--
Milly Staples [MVP - Outlook]

Post all replies to the group to keep the discussion intact. Due to
the SWEN virus, all mail sent to my personal account will be deleted
without reading.

After searching google.groups.com and finding no answer, MDS asked:

| OK, I understand, but I feel I need to notify my users of
| this...especialy is users share there computer...
| Thx for the quick responce
|
| "Roady [MVP]"
Click to expand...
| wrote in message || Yes, because you used cached Exchange mode where messages are stored
|| locally so there is no authentication needed unless you want to
|| synchronize.
||
|| --
|| Roady [MVP]
|| www.sparnaaij.net
|| Microsoft Office and Microsoft Office related News
|| Also Outlook FAQ, How To's, Downloads and more...
||
|| Tip of the month:
|| -Tips for cleaning up your mailbox
||
|| Subscribe to the newsletter to receive news and tips & tricks in
your
|| mailbox!
|| www.sparnaaij.net
||
|| (I changed my reply address; remove all CAPS and _underscores_ from
|| the address when mailing)
|| -----
|| ||| Hey all,
|||
||| We use Exchange2003 and Outlook2003 in cached mode.
|||
||| On some computers we force users to log on with a special account
||| (lets say PROP01).
||| But people want to reed there mail and preferable with outlook (Yes
||| I tried to explain OWA).
||| So they create profiles under the PROP01 (for each who uses the
||| computer to do some testing)
|||
||| But, When someone else, by mistake uses a profile of someone else
||| (Lets say User A, who is logged as PROD01, use the profile of user
||| B) the see the mails and then are prompted for a user name and
||| password.
|||
||| I thought outlook would NOT open prior to Authentication...but I
was
||| suprised I could read (see) the (old) mails (nor
||| replication)....Supose there were confidential mails and the view
||| is in preview.(as it was on my test)!!!!
|||
||| Is this normal????
|||
||| Marc
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Outlook2003 - 550 Relay Denied when sending emails (receiving is OK) 0
newbie exch2003 and outlook2003 5
How do I get Outlook2003 to open folders when new mail arrives? 4
outlook2003 + vista mail problem 3
Password require when login into outlook 1
Mail messages not visible 2
Outlook 2010 Cannot open this item 1
Creating A Certificate to attach in outlook 2

Back
Top