Announcement

Collapse
No announcement yet.

HTTP access to another users mailbox !!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • HTTP access to another users mailbox !!

    Can someone please advise why on my internal LAN that I can and other access another users Mailbox via http from a web browser?

    Running exchange 2003 SP2

    I have checked permissions from the organisation object down the way and can see nothing to alarming.

    On admin users mailbox accounts I have denied all other admin users access from within Active directory Users and Computers.

    And I and others can still access other users outlook as if I was using Outlook web access.

    Assistance would be grateful.

  • #2
    Re: HTTP access to another users mailbox !!

    If you can access it then you have permissions to it.
    Are you a member of domain admins?
    I would be careful randomly denying accounts through AD to things.

    By default Exchange 2003 has a deny send/receive for Domain Admins (plus others). It seems possible this has been removed for your Org.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: HTTP access to another users mailbox !!

      Yes I will have a look at that, but will that actually prevent another user from opening a web browser etc..

      http://mail_server/exchange/login_account

      This I need to prevent ASAP.

      Many Thanks.

      Comment


      • #4
        Re: HTTP access to another users mailbox !!

        Are you an Administrator though?
        Do all users have the same ability, you will need to test first (maybe create a new standard user to do this).

        If they do then something like "Domain Users" or "Everyone" (etc) has been granted something. If normal users don't then it is more likely that the Domain Admins etc has the additional rights.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: HTTP access to another users mailbox !!

          Yes sorry, I am a member of domain admins, I also checked the domain admin permissions and send as and receive as, have got denied against domain admins in special permissions, domain admisn have three listing in special permissions list two entries denying the send as and receive as, but the other listing has both of these as allowed and all permissions are greyed out and this is at the top of the organisation level properties !!!

          Comment


          • #6
            Re: HTTP access to another users mailbox !!

            Can you look through the obvious groups in the mean time to see of they have been set to full mailbox/full control etc?
            Did you test a standard user?

            Permissions that are inherited are greyed.

            You need to add the ShowSecurityPage for ExAdmin in the registry to show the pages to edit that bit.
            Like this http://support.microsoft.com/kb/328808 (not specific to you but shows the reg bit to edit).
            cheers
            Andy

            Please read this before you post:


            Quis custodiet ipsos custodes?

            Comment


            • #7
              Re: HTTP access to another users mailbox !!

              Yes I know greyed out permissions are inherited but at the top level object?

              I have already put the registry entry in for the security tab on the Organisation object, I have checked all this stuff as standard I was looking for the small something I have missed or somebody has changed.

              I appreciate e your help, and if you could think of anything I would be grateful.

              thanks.

              Comment


              • #8
                Re: HTTP access to another users mailbox !!

                Yep.

                You still haven't confirmed if this happens for standard users or just admins.

                Can you just look at the permissions for a user and look through them seeing which ones have full control / full mailbox etc?
                Once you have a list go through each one, check things like builtin administrators, domain admin, ent admin, everyone group etc.
                Local admins on the exchange box
                cheers
                Andy

                Please read this before you post:


                Quis custodiet ipsos custodes?

                Comment

                Working...
                X