Announcement

Collapse
No announcement yet.

Users accessing other users mailboxes

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Users accessing other users mailboxes

    Hi.
    I have a situation with Exchange 2003 installed on Server 2003.
    The problem is that when a user accesses his email through webmail they can also access the email accounts of other users.
    If they enter http://server/exchange/OTHER_USER they can read the email of OTHER_USER.

    Any suggestions on how to solve this?

    Thank you.

  • #2
    Re: Users accessing other users mailboxes

    they still have to put in a password, correct?

    that is an acceptable way to view other calendars and shared schedules and such... so what is displayed when they type this? they cant just browse to another inbox... can they?

    you just want to turn this feature off? i would have to think that it is used internaly also, and disabling the feature would probably screw up shared tasks and calendars...
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

    Comment


    • #3
      Re: Users accessing other users mailboxes

      If they can access any mailbox without any password then that is NOT standard behaviour.
      I would look to see if Service Account status has been granted to a group on the server that all users are members of.

      http://support.microsoft.com/default.aspx?kbid=821897

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: Users accessing other users mailboxes

        Originally posted by James Haynes View Post
        they still have to put in a password, correct?

        that is an acceptable way to view other calendars and shared schedules and such... so what is displayed when they type this? they cant just browse to another inbox... can they?

        you just want to turn this feature off? i would have to think that it is used internaly also, and disabling the feature would probably screw up shared tasks and calendars...
        When they navigate to http://server/exchange they are asked for username and password.
        They are then logged into their email account.
        Then if they enter http://server/exchange/ANOTHER_USER in the address bar they can read the emails of ANOTHER_USER

        Comment


        • #5
          Re: Users accessing other users mailboxes

          I added the Deny "Recieve As" permission to the "Everyone" group in the security tab of the mailbox store.
          This has resolved the issue and everything seems to be OK.

          Am I missing something? Might this cause some other problem?

          Regards.

          Comment


          • #6
            Re: Users accessing other users mailboxes

            You don't just add DENY to the server's/mailbox's permissions. Please compare your permissions to the set of permissions on a properly configured Exchange server. You can set one up in a virtual lab, or even use the demo machines provided by Microsoft.
            Cheers,

            Daniel Petri
            Microsoft Most Valuable Professional - Active Directory Directory Services
            MCSA/E, MCTS, MCITP, MCT

            Comment


            • #7
              Re: Users accessing other users mailboxes

              Hi, u can check the permissions of the mailbox of the ANOTHER_USER. If u can enter directly to the account (http://server/exchange/ANOTHER_USER) is because u are logged in the PC using the credentials of the user who has rights to the mailbox of the ANOTHER_USER.

              Comment


              • #8
                Re: Users accessing other users mailboxes

                Originally posted by jacppe View Post
                Hi, u can check the permissions of the mailbox of the ANOTHER_USER. If u can enter directly to the account (http://server/exchange/ANOTHER_USER) is because u are logged in the PC using the credentials of the user who has rights to the mailbox of the ANOTHER_USER.
                No that was not reason since you could read the emails of whichever user you want (not only the account of the currently logged user).
                All you had to do was point the browser to http://server/exchange/ANOTHER_USER1
                http://server/exchange/ANOTHER_USER2 etc.

                Comment


                • #9
                  Re: Users accessing other users mailboxes

                  Originally posted by danielp View Post
                  You don't just add DENY to the server's/mailbox's permissions. Please compare your permissions to the set of permissions on a properly configured Exchange server. You can set one up in a virtual lab, or even use the demo machines provided by Microsoft.
                  I'll do that but I think there should be no problem since no one should have "Receive as" permission anyway.

                  Comment

                  Working...
                  X