Exchange Server Forums

Private Messages not really private if Full Mailbox Access is assigned through ESM

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Private Messages not really private if Full Mailbox Access is assigned through ESM

Page: [1]

Message

<< Older Topic Newer Topic >>

Private Messages not really private if Full Mailbox Acc... - 14.Sep.2011 9:07:20 AM

Systekinc

Posts: 3
Joined: 13.Sep.2011
Status: offline

The issue with the Sensitivity setting I see as a bug with Exchange.

Scenario:
User1 Needs to give User2 Full Mailbox Access to view items. This is done through Exchange System manager editing Full mailbox Access.
User1 Uses the Sensitivity Setting to "hide" messages from User2.

Findings:
By default User2 would NOT be allowed to view Private Sensitive items.

However there is a problem with this, if a second profile for user1 is created under the mail Control panel for user1 and the check box to prompt for profile is used, Outlook is then opened and the prompt to choose a profile appears; user2 would then have the ability to open User1's email box seperately from his own mailbox allowing User2 to show all mail including private sensitive items.

If User2 simply adds "Open other users mailbox" in his advanced account settings in Outlook, this would open User2's mailbox and under it would show User1's mailbox, at this point User2 does not see Private sensitive Items.

This is a huge security flaw in Exchange... Any insight would be helpfuul as Enterprise Vault users the single profile method to assign permissions to the archive.

Enterprise Vault uses the single profile to assign permissions on the archive thus making private sensitive items not private to users that have FMA and access the users archive.

Is this the expected behavior for Exchange?

_____________________________

DPR
Symantec Enterprise Vault
Advanced Support Engineer

< Message edited by Systekinc -- 14.Sep.2011 9:08:28 AM >