I have a exchange server 2000 and using OWA , but there is a security problem. User who is logged in once, he/she have right to access other user's mailbox without login box prompt. for example there are two users userA and userB, both are domain\Users. When UserA firstly access OWA web site http://mail.abc.com/exchange,It prompts login box, UserA can access his/her OWA page after he/she logged in, but he/she also can access other's mailbox by using http://mail.abc.com/exchange/UserB ..UserC ..etc. This is a security problem I am facing.Is there any solution or setting I wrongly set?
If you are trying this with your own login, then there is no surprise here, because an administrator will normally be able to open any mailbox like that. But if you are saying that all your users are able to to do this, then there is a problem. It is possible that if you look at your private information store in Exchange System Manager, you will find that a security group that contains all your users has been given full permission, or at least read permission, on the entire store. This means that any user can access any other mailbox using any client program, not just OWA.
_____________________________
Lee. ___________________________________
Outlook Web Access for PDA and WAP: www.leederbyshire.com ___________________________________
I finally find that in mailstore->security setting, I un-tick all right of authenticated user, then everything runs normally, log in box prompts and users need to log in again if he/she try to access other mailbox directly.Am I correct?
quote:
ORIGINAL: leederbyshire
If you are trying this with your own login, then there is no surprise here, because an administrator will normally be able to open any mailbox like that. But if you are saying that all your users are able to to do this, then there is a problem. It is possible that if you look at your private information store in Exchange System Manager, you will find that a security group that contains all your users has been given full permission, or at least read permission, on the entire store. This means that any user can access any other mailbox using any client program, not just OWA.
I have create a new user in "active directory users and computers" on exchange server 2000. And then i create a new intramail account in outlook express (on client). after finish, the outlook express always request login user name and password, i have fill the right user name and password but it still request and i cannot access the intramail. please help me. thx
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [Microsoft Exchange 2000] >> Outlook Web Access >> OWA mailbox URL access problem 
OWA mailbox URL access problem - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread
