Password protecttion for outlook 2000+? 1

[DrBaltar]

Hi,

Im faced with this situation:
* An office where everyone knows everyone´s password
* A user who apparently sent a mail he shouldn´t, and claimed that "maybe, someone else did it"
* Now he wants Outlook 2003 to require an access password when it starts.

Clients are connected to an exchange server so, AFAIK, I can´t use any "Identities" feature or similar popular approaches...

Any suggestions?
Thanks in advance.

 

[DrBaltar]

*bump*

 

[paulha]

Now he wants Outlook 2003 to require an access password when it starts."

Get everybody to change their passwords, and to keep them secure.

Assign access to resources by giving permissions, rather than your current setup where effectively everybody is sharing eachother's account.

 

[DrBaltar]

there is a reason why they are sharing their desktop´s pwds, I am asking for a different solution, if there is any.

Thanks anyway.

 

[58sniper]

There is seldom a technological solution to behavioral problems, as Ed Crowley would say.

Can you elaborate on why everyone needs to know everyone's passwords? You're going to be in a world of hurt if you ever get sued and have to give up things on discovery. If anyone can sit down and log in as anyone else, there's no auditing of security.

Pat Richard, MCSE MCSA:Messaging CNA
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[DrBaltar]

This particular systema and a second one connect to online third party services that must be monitored for news and events all the time, when the regular user is not in the office (for whatever reason) others must be able to access to it.

The services cannot be installed in "unmmaned" systems, and they use a validation tied to the user´s local validation. I know it´s a bad situation, but there is not much I can do about it.

Also, as you probably know, there is a point where enforcing some policies only start a battle between IT and the staff that only displaces one problem to somewhere else, but at the end of the day are of no help.

Baltar.

 

[paulha]

Would removing Outlook from the desktops and running it via a Terminal Server be an option for you ? - The users would have to authenticate to the terminal server to access their own mailboxes

Paul

 

[paulha]

Nope, that wouldn't work, assuming they are logging onto a domain in the first place and passwords are necessarily shared.

Would your apps work correctly if the users logged on locally to the workstations ? If they would, then shared (local) passwords could be kept then the Terminal Services solution above would be an option with secure domain passwords.

Then again, if they logged on locally with shared passwords to access the apps, the outlook client would prompt for a domain password when connecting to your mailserver, and you would not need to go the TS route

 

[pgaliardo]

What good does it do to have Outlook require a password if any user would know the user's domain password anyway?
I don't know of any way to have Outlook require a different password, other than the domain password associated with the user.

 

[paulha]

If local passwords were shared (ref above scenario) and domain passwords were secure, the above would work.

Log on locally to run the online apps. Passwords relatively irrelevant.

To access mail and other domnain resources, use secure domain password

 

[pgaliardo]

Good point paulha. They would have to reset the domain passwords to something secure and not shared. Then they could share the local password to access this app.Nice. I'm giving you a star for that one.

 

[paulha]

Thanks pgaliardo

;-)

 

[DrBaltar]

Thanks for the suggestions, I'll do some tests and see how see how it goes.
Cheers.