Re: Want to stop sharing Outlook Today folders


From: RobGMiller (RobGMiller_at_discussions.microsoft.com)
Date: 03/17/05


Date: Thu, 17 Mar 2005 07:47:10 -0800

I can see two places that affect security of a user's personal information,
the security tab as you suggested and the Exchange Advanced | Mailbox Rights.

I am assuming that these two areas affect only rights that others have to
this user's information.

Wouldn't adjusting the permissions in the MailBox Rights be enough to keep
someone from gaining access to mail box objects such as the inbox or the
schedule?

Assuming all users are members of the Domain Users group and no other, what
rights are required for a user to access his own info and prevent everyone
else from it?

"Sue Mosher [MVP-Outlook]" wrote:

> Sounds like you haven't set up ADU&C so that you can view object-level
> security rights. Right-click the domain node and choose View | Advanced
> Features. Now, right-click any user and choose Properties. Do you now see a
> Security tab? That's where you should be looking. My guess is that you'll
> find Read assigned to a security group that shouldn't have them. If that's
> the case, look at the Users node or the top-level domain node to see if
> that's where that too-loose permission is set, so that it is inherited by
> the child objects.
>
> --
> Sue Mosher, Outlook MVP
> Author of
> Microsoft Outlook Programming - Jumpstart for
> Administrators, Power Users, and Developers
> http://www.outlookcode.com/jumpstart.aspx
>
>
> "RobGMiller" <RobGMiller@discussions.microsoft.com> wrote in message
> news:621E0C9F-BF6E-473D-8F9A-23C88174254E@microsoft.com...
> > - In ADU&C there is only one group Domain.PDC group
> > - "Users" is in the Domain.PDC group
> > - The only way to affect the Domain.PDC group via its properties is Group
> > Policy (tab) as far as I can see.
> > - The only policy listed in Group Policy is Default Domain Policy and it
> > was disabled
> > - I enabled it and of course that had no effect.
> > - Is there something in the Default Domain Policy that would have an effect
> > on the rights to see objects established by Ms Exchange?
> >
> > - I focus on a user who is only in the Domain Users group which is a member
> > of users. I presume this is the default initial permission setting.
> > - This account has no more rights than anyone else and can still see
> > everyone's schedule in Outlook.
> >
> > "Sue Mosher [MVP-Outlook]" wrote:
> >
> >> That's not what I meant. You have xx number of users and in ADU&C, you
> >> configure them, right? Under what node do they appear in ADU&C in the
> >> domain's hierarchy? Users is the default. Whether it's Users or some
> >> other node, that's the container whose permissions you'll want to
> >> examine, as well as those for its parent containers. The symptoms
> >> indicate that the permissions are set too loosely somewhere in the
> >> hierarchy, with the result that individual user accounts are inheriting
> >> those too-loose permissions.
> >>
> >> Once you fix that, users will be able to set their own per-folder
> >> permissions, which is what you want.
> >>
> >> --
> >> Sue Mosher, Outlook MVP
> >> Author of
> >> Microsoft Outlook Programming - Jumpstart for
> >> Administrators, Power Users, and Developers
> >> http://www.outlookcode.com/jumpstart.aspx
> >>
> >>
> >> > So you are talking about a user account in active Directory. I am
> >> > familiar with it. I just never realized that a User Account profile is
> >> > referred to as a container.
> >> >
> >> > In any case, what do I need to change in a user's profile that has
> >> > anything to do with Outlook permissions. I read an article at
> >> > http://www.howto-outlook.com/howto/permissions.htm
> >> >
> >> > Some of their info was related to the AD but none of those measures
> >> > seem to have value because we are not trying to assign permissions we
> >> > are trying to limit permissions and right now everyone can see
> >> > everything. So what I need to know is how to limit permissions.
> >> >
> >> > "Sue Mosher [MVP-Outlook]" wrote:
> >> >
> >> >> You need to be looking in Active Directory Users and Computers on your
> >> >> domain controller -- the same place where you centrally manage all
> >> >> user account settings. Expand the domain hierarchy to view the Users
> >> >> container or whatever container you use to manage your users.
> >> >>
> >> >> "RobGMiller" <RobGMiller@discussions.microsoft.com> wrote in message
> >> >> news:ED49A37B-D77F-4628-BE62-DF4EF3B5E511@microsoft.com...
> >> >> > What is meant by the User's container? Do you access this from the
> >> >> > User's Account profiles?
> >> >> >
> >> >> > "Sue Mosher [MVP-Outlook]" wrote:
> >> >> >
> >> >> >> Look in Active Directory at the permissions on the Users container
> >> >> >> or whatever container the users are in.
> >> >> >>
> >> >> >> "RobGMiller" <RobGMiller@discussions.microsoft.com> wrote in message
> >> >> >> news:7F96F936-2D57-4796-B535-D7261CE98C6D@microsoft.com...
> >> >> >> > W2K Small Business running exchange with Ms Outlook 2000.
> >> >> >> >
> >> >> >> > All network users can see anybody else's calendar, tasks, inbox
> >> >> >> > etc.
> >> >> >> >
> >> >> >> > On everyone's Calendar properties|permissions default=none,
> >> >> >> > anonymous=none
> >> >> >> >
> >> >> >> > This situation would appear secure but everyone on the network
> >> >> >> > can see that calendar using File|Open|Other User's folder.
> >> >> >> >
> >> >> >> > We would like our users to set their own visibility.
> >>
> >>
> >>
>
>
>
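
The container-by-container check suggested in the thread (user object, then its parent containers, up to the domain node) can also be scripted. The following is an added example, not part of the original thread; it assumes a domain where the ActiveDirectory PowerShell module is available, and `jdoe`, the function name and the list of broad groups are placeholders chosen for illustration.

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

function Get-BroadAceSource {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        # Assumed list of groups that effectively mean "everyone on the network"
        [string[]] $BroadPrincipals = @('Everyone', 'Authenticated Users', 'Domain Users', 'Users')
    )

    $dn       = (Get-ADUser -Identity $SamAccountName).DistinguishedName
    $domainDn = (Get-ADDomain).DistinguishedName

    while ($dn) {
        $acl = Get-Acl -Path "AD:\$dn"
        foreach ($ace in $acl.Access) {
            # Drop the DOMAIN\ or BUILTIN\ prefix so the name can be matched against the list
            $name = ($ace.IdentityReference.Value -split '\\')[-1]
            # An explicit (non-inherited) Allow ACE marks the object where the grant was set
            if ($ace.AccessControlType -eq 'Allow' -and
                -not $ace.IsInherited -and
                $BroadPrincipals -contains $name) {
                [pscustomobject]@{
                    SetOn     = $dn
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.ActiveDirectoryRights
                    AppliesTo = $ace.InheritanceType
                }
            }
        }
        if ($dn -eq $domainDn) { break }
        # Strip the leading RDN (up to the first unescaped comma) to move to the parent
        $dn = $dn -replace '^.+?(?<!\\),', ''
    }
}

# 'jdoe' is a placeholder account name
Get-BroadAceSource -SamAccountName 'jdoe' | Format-Table -AutoSize
```

Some rows are expected on any domain, because default permissions already give broad groups limited read access; the rows to examine are those on a container (such as Users or the domain node) whose `AppliesTo` value passes the right down to child objects.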


