|
bmcmurtry -> Gaping Wide Security Hole (29.Sep.2005 9:27:08 AM)
|
I have a new client running 2000 SBS with Exchange 2000, so my company did not do the initial Exchange setup.
When any user opens their Outlook, they can do a File/Open/Other User's Folder, and open ANY folder on any mailbox on the server. Obviously, this is a big problem, as each mailbox needs to be private.
I have patched Exchange fully, and I have also patched the OS fully.
I have also reset the default permissions to the mailbox store and to the organization to the minimums recommended at http://www.microsoft.com/technet/prodtechnol/exchange/guides/StrPermwE2k3/2934133f-e3af-46a5-9369-1ece5843ff58.mspx
I did restart the information store after changing the permissions, but still, the access remains the same. All users are normal users, and do not have elevated privileges.
If you look at the permissions on each folder within Outlook, you would find what would be expected:
Default is None
Anonymous is None
Any thoughts or suggestions on how to lock this down?
Brian
|
|
|
|