OWA

  • Thread starter Thread starter d000k
  • Start date Start date
D

d000k

I am having some trouble with outlook web access. It is completely unsecure.
I have implemented certificates but the problem is that anyone can get into
anyone else's mail. If John Doe uses his username and password he can log
into Jane Doe's OWA account. Why is this?? This is by default (typical MS),
how do you set it up so that ONLY that user can access their OWA account?
Thanks in advance.
 
This certainly does not occur by default. Somewhere along the line
permissions have be set to allow for this. Perhaps you can expand on the
problem description by telling us what version of Exchange and IIS you are
working with.

Note: FWIW, I have only heard of one occurrence where this happens under
Exchange 200x. It happens when Kerberos security is disabled. Kerberos is
on by default.
 
I am using exchange 2000 with IIS 5, I didn't touch any of the permissions.
This is a default install. SSL works like a champ but everyone can get into
all mailboxes. What are some things I can check?

Thanks again


neo said:
This certainly does not occur by default. Somewhere along the line
permissions have be set to allow for this. Perhaps you can expand on the
problem description by telling us what version of Exchange and IIS you are
working with.

Note: FWIW, I have only heard of one occurrence where this happens under
Exchange 200x. It happens when Kerberos security is disabled. Kerberos is
on by default.
--
Neo [MVP Outlook]
Due to the Swen virus, all e-mails sent to this account will be deleted
w/out reading.


d000k said:
I am having some trouble with outlook web access. It is completely unsecure.
I have implemented certificates but the problem is that anyone can get into
anyone else's mail. If John Doe uses his username and password he can log
into Jane Doe's OWA account. Why is this?? This is by default (typical MS),
how do you set it up so that ONLY that user can access their OWA account?
Thanks in advance.
Click to expand...
Click to expand...
 
Start with the ADUC snap-in and ensure that exchange rights haven't been
tampered with.
--
Neo [MVP Outlook]
Due to the Swen virus, all e-mails sent to this account will be deleted
w/out reading.


d000k said:
I am using exchange 2000 with IIS 5, I didn't touch any of the permissions.
This is a default install. SSL works like a champ but everyone can get into
all mailboxes. What are some things I can check?

Thanks again


neo said:
This certainly does not occur by default. Somewhere along the line
permissions have be set to allow for this. Perhaps you can expand on the
problem description by telling us what version of Exchange and IIS you are
working with.

Note: FWIW, I have only heard of one occurrence where this happens under
Exchange 200x. It happens when Kerberos security is disabled. Kerberos is
on by default.
--
Neo [MVP Outlook]
Due to the Swen virus, all e-mails sent to this account will be deleted
w/out reading.


d000k said:
I am having some trouble with outlook web access. It is completely unsecure.
I have implemented certificates but the problem is that anyone can get into
anyone else's mail. If John Doe uses his username and password he can log
into Jane Doe's OWA account. Why is this?? This is by default (typical MS),
how do you set it up so that ONLY that user can access their OWA account?
Thanks in advance.
Click to expand...
Click to expand...
Click to expand...
 
Back
Top