• Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Gaping Wide Security Hole

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Gaping Wide Security Hole Page: [1]
Message << Older Topic   Newer Topic >>
Gaping Wide Security Hole - 29.Sep.2005 9:27:08 AM   


Posts: 1
Joined: 29.Sep.2005
Status: offline
I have a new client running 2000 SBS with Exchange 2000, so my company did not do the initial Exchange setup.

When any user opens their Outlook, they can do a File/Open/Other User's Folder, and open ANY folder on any mailbox on the server.  Obviously, this is a big problem, as each mailbox needs to be private.

I have patched Exchange fully, and I have also patched the OS fully.

I have also reset the default permissions to the mailbox store and to the organization to the minimums recommended at http://www.microsoft.com/technet/prodtechnol/exchange/guides/StrPermwE2k3/2934133f-e3af-46a5-9369-1ece5843ff58.mspx

I did restart the information store after changing the permissions, but still, the access remains the same.  All users are normal users, and do not have elevated privileges.

If you look at the permissions on each folder within Outlook, you would find what would be expected:

Default is None
Anonymous is None

Any thoughts or suggestions on how to lock this down?

Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Gaping Wide Security Hole Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Follow TechGenix on Twitter