I've inherited an exchange server already setup before me. I've found that any user can open up any other users inbox by using outlook by going File-Open-Open User's Folder. I've found that this is not the default behavior of outlook but can't find exactly where to change this permission. When I look at the Mailbox Rights from the Exchange Advanced tab using AD, I find there is an everyone group with inherited permissions to read, change, take ownership and full mailbox access. Is this the problem? If so, where do I change it since it is inherited? Thanks
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Mailbox Rights
- Thread starter WCSO
- Start date
MikeBatters
Technical User
In the Exchange System Manager right click the top of the tree in the left pane. Then select "Delegate Control" and follow the instructions.
You will see a list of delegated users that already have permissions.
Also right click on the Exchange server in the System Manager and have a look at the users/groups specified on the "Security" tab. You may also find the "Everyone" group has "Full Mailbox Access" granted.
Hope this helps - Post back if there are no clues from following the above.
Mike
*************************************
Remember - There is always another way..........I just haven't found out what it is yet!
![[yinyang]](/data/assets/smilies/yinyang.gif "[yinyang] [yinyang]")
You will see a list of delegated users that already have permissions.
Also right click on the Exchange server in the System Manager and have a look at the users/groups specified on the "Security" tab. You may also find the "Everyone" group has "Full Mailbox Access" granted.
Hope this helps - Post back if there are no clues from following the above.
Mike
*************************************
Remember - There is always another way..........I just haven't found out what it is yet!
- Thread starter
- #3
MikeBatters
Technical User
The Rights can also be set at the individual Mailbox store level within the storage group.
Have you check there?
Mike
*************************************
Remember - There is always another way..........I just haven't found out what it is yet!
Have you check there?
Mike
*************************************
Remember - There is always another way..........I just haven't found out what it is yet!
- Thread starter
- #5
MikeBatters
Technical User
Every user gets Full Mailbox access to their own mailbox anyway.
The "everyone" group should only be inheriting "create named properties in the information store" from a higher level and should have no other permissions at all.
Hope that helps in the quest to secure your mail system
Mike
*************************************
Remember - There is always another way..........I just haven't found out what it is yet!
The "everyone" group should only be inheriting "create named properties in the information store" from a higher level and should have no other permissions at all.
Hope that helps in the quest to secure your mail system
Mike
*************************************
Remember - There is always another way..........I just haven't found out what it is yet!
- Status
Similar threads
- Locked
- Question
- Locked
- Question
