Re: Preventing users from opening onther users mailbox in outlook
- From: "Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom>
- Date: Tue, 7 Mar 2006 08:51:00 -0600
So get rid of the entry (delete it) of the one that is not inherited. It
isn't there by default, and someone added it. Everyone does *not* require
Full Control to the Mailbox Store. This is likely the problem entry, but as
I mentioned, you need to look at ALL users/groups that have Send As/Receive
As Allow. Don't look at the advanced permissions for that, rather look at
the standard permissions and see which users/groups have the Send As/Receive
As Allow right granted (without a Deny).
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Exchange 2003" <Exchange2003@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3999140D-8450-40FB-BDAB-ACA86D83D447@xxxxxxxxxxxxxxxx
Hello Ben
Ok on the advanced security settings on the mail store, i have 5
everyones.
One has special type is allow , and when you edit it nothing is checked.
then
there is one with type allow perm create named pipes (which is whited out)
and nothing else checked. The next one has allow, special under edit, it
has
read, execute, read permissions, list contents, read properties, list
object
(these items are are faded). there are 2 like the one i just mentioned.
The
last everyone has full control, which is allowed, and not inherent
Thank you for sticking with me
"Ben Winzenz [Exchange MVP]" wrote:
Don't worry about the other ones. Those get put in there by Exchange.
None
of them should have full mailbox access, or if they do, they should also
have a deny (all inherited).
Let's get back to the Everyone rights on the Mailbox Store. What rights
does Everyone have on the Mailbox store itself? Going into advanced
security, I see 4 entries for Everyone, so having everyone multiple times
isn't a big deal. If Everyone Only shows "Create named properties..."
and
"Special permissions", then that likely isn't the group to worry about.
Focus on specifically which accounts or groups have Send As/Receive As
Allow
permissions on the mailbox store. Note that this can either be an Allow
that is inherited WITHOUT a Deny being inherited, OR it can be a Deny
that
is inherited with an Allow that is Explicit (check mark against white
background instead of gray).
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Exchange 2003" <Exchange2003@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F54E75ED-6CC3-4268-9A9E-11DBDE4E79E0@xxxxxxxxxxxxxxxx
Hello Ben
Yes Self is listed there, and it has full access. Everyone has only
read
checked.
But there is also admin, administrator, anonymous logon, Domain Admins,
Enterprise Admins, Exchange Domain Servers, Exchange Services.
I am stumped and the gods above are getting upset :-(
"Ben Winzenz [Exchange MVP]" wrote:
Simply restoring the information store itself will not modify the
permissions. The permissions on those objects are stored in Active
Directory.
You need to fix your permissions.
What are you denying access to for Everyone? Send As/Receive As?
That
should not affect the ability of users to log in to their own
mailboxes.
Go into a user account properties, go to the Exchange Advanced tab
(may
need
to go to View, Advanced Features), then go to Mailbox Rights. What
ACL's
are listed in there? Is SELF listed? With Full Mailbox Access? If
not,
it
should be. Everyone has Read access by default to mailboxes, but that
is
it.
--
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)
"Exchange 2003" <Exchange2003@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:CF0BEE77-DE46-44E2-A638-F91B135660A1@xxxxxxxxxxxxxxxx
ANY IDEAS?????
"Exchange 2003" wrote:
We had a crash awhile back, and had to have the databse, and
mailboxes
restored from tape. I noticed by going into the advanced security
setting
for
the store that there are multiple everyone accts that have access,
but
under
the standard security setting there is only one. Everytime i deny
access
to
everyone, you can not connect to the exchange server in outlook. Do
you
think
by doing the restore, could have messed up the permissions?
Thanks
"Andy David - MVP" wrote:
On Mon, 6 Mar 2006 07:10:29 -0800, Exchange 2003
<Exchange2003@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hello
I have just noticed that users in the office, can open other
users
mailboxes
in outlook 2003. How do i not allow that? The only way i have
figured
it out
, is to go into active directory, and go into a users acct under
Exchange
advanced, mailbox rights, and add individual users then deny
them
acces to
that users mailbox. There has to be an easier way. And why would
they
be able
to open them in the first place?
Thanks in advance
Someone changed the default settings:
http://support.microsoft.com/default.aspx?scid=kb;en-us;821897
.
- References:
- Re: Preventing users from opening onther users mailbox in outlook 2003
- From: Andy David - MVP
- Re: Preventing users from opening onther users mailbox in outlook
- From: Ben Winzenz [Exchange MVP]
- Re: Preventing users from opening onther users mailbox in outlook
- From: Exchange 2003
- Re: Preventing users from opening onther users mailbox in outlook
- From: Ben Winzenz [Exchange MVP]
- Re: Preventing users from opening onther users mailbox in outlook
- From: Exchange 2003
- Re: Preventing users from opening onther users mailbox in outlook 2003
- Prev by Date: How to setup notification for Resources in Exchange 2003
- Next by Date: Re: Default rights
- Previous by thread: Re: Preventing users from opening onther users mailbox in outlook
- Next by thread: Re: Preventing users from opening onther users mailbox in outlook
- Index(es):
Relevant Pages
|
