Re: Exchange 2007 direct file access security hole!
- From: Andy David {MVP} <adavid@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 Oct 2007 11:54:54 -0400
On Wed, 10 Oct 2007 16:37:27 +0100, "Mark Arnold [MVP]"
<mark@xxxxxxxx> wrote:
On Wed, 10 Oct 2007 08:24:06 -0700, bill
<bill@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I have set up a new exchange 2007 server and removed all other exchange
servers. configured direct file access to one of our file servers. when a
user puts in \\<servername>, they see a list of shares ( including hidden
ones) then they can browse these shares well below the point where ntfs
permissions do not allow. while they cannot open documents in these folders,
this does not comply with what I would expect. also I saw that this can be
controlled by user, can I configure that some users have access to one server
while others have access to another?
I had a completely vanilla install just made up on 2003 and although I
can see dollar shares (bad) so long as the permissions on the share
are correct (i.e. I made sure the default everyone - read was removed
and only a different account to mine was given read access) the user
on OWA can't get in.
So on first glance it only looks half as dodgy as you make out. It's
still bad though.......
Yea, sounds great, but I am not completely sold on it yet.
The Sharepoint integration doesn't make it apparent that its a
read-only access as well. Only when you try to save a modified doc
does that become obvious.
.
- References:
- Re: Exchange 2007 direct file access security hole!
- From: Mark Arnold [MVP]
- Re: Exchange 2007 direct file access security hole!
- Prev by Date: Re: Exchange 2007 direct file access security hole!
- Next by Date: Re: Exchange 2007 direct file access security hole!
- Previous by thread: Re: Exchange 2007 direct file access security hole!
- Next by thread: Re: Exchange 2007 direct file access security hole!
- Index(es):
Relevant Pages
|
