Exchange Server Forums

Gaping Wide Security Hole

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2000] >> Server Security >> Gaping Wide Security Hole

Page: [1]

Message

<< Older Topic Newer Topic >>

Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM

TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!

Gaping Wide Security Hole - 29.Sep.2005 9:27:08 AM

bmcmurtry

Posts: 1
Joined: 29.Sep.2005
Status: offline

I have a new client running 2000 SBS with Exchange 2000, so my company did not do the initial Exchange setup.

When any user opens their Outlook, they can do a File/Open/Other User's Folder, and open ANY folder on any mailbox on the server. Obviously, this is a big problem, as each mailbox needs to be private.

I have patched Exchange fully, and I have also patched the OS fully.

I have also reset the default permissions to the mailbox store and to the organization to the minimums recommended at http://www.microsoft.com/technet/prodtechnol/exchange/guides/StrPermwE2k3/2934133f-e3af-46a5-9369-1ece5843ff58.mspx

I did restart the information store after changing the permissions, but still, the access remains the same. All users are normal users, and do not have elevated privileges.

If you look at the permissions on each folder within Outlook, you would find what would be expected:

Default is None
Anonymous is None

Any thoughts or suggestions on how to lock this down?

Brian