Exchange mailbox permissions, Outlook access

  • Question

  • I read through the related topics here on TechNet, but they do not quite describe what I have here. (I may have missed something, as there are a lot of posts about permissions on Exchange 2003.) We are running Exchange 2003, with various versions of Outlook (2000, XP, 2003 and 2007).

    It was discovered by accident that if a user opens Outlook and right-clicks on their mailbox, one of the options is "open other folder", which expands out to "open other user's folder". From here they can choose any user on the network and choose to open any folder in their Exchange profile, such as inbox, sent files, etc.

    I went into the mailbox permissions in Active Directory, and found on all mailboxes that "everyone" has read permissions. The check box to remove the permission is greyed out, so I tried to put it as denied on a test email account, since "deny" should take precedence. That failed to stop access.

    I am at a loss as to how to correct this, so that only items that are shared (such as notes or the calendar) by the user can be seen, and only by those that have been given permission. Any useful advice would be appreciated. Thank you.
    Thursday, October 1, 2009 4:06 PM

Answers

  • Thank you, everyone, for your help!!

    I finally had to pay Microsoft for help. If anyone ever sees this, we found the problem in ADSI Edit, configuration, CN=Services, CN=First Administrative Group, Authenticated users had full control... Ouch. No idea how that got changed, as I have never been in that block before.

    Thanks again!!
    • Marked as answer by emma.yoyo Wednesday, October 7, 2009 2:53 AM
    Friday, October 2, 2009 6:27 PM

All replies

  • Have a look at this thread http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/423f955f-016e-4b1c-806e-eb82024e21e4
    • Proposed as answer by emma.yoyo Wednesday, October 7, 2009 2:53 AM
    Thursday, October 1, 2009 11:57 PM
  • You need to trace this from the ORG level to check whether it is being inherited from the ORG, and then trace it downwards through the AG/Storage Group/Database levels.

    The forum thread below provided by Michael is very informative.


    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    Friday, October 2, 2009 6:20 AM
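
A read-only way to carry out the level-by-level trace suggested above, as an added example that is not part of the original thread: it walks from one directory object up to the root of its naming context and lists every ACE held by Everyone or Authenticated Users, with a flag showing whether the ACE is inherited. `$StartDn` is a placeholder you supply (no DN here comes from the thread), and the function name `Get-BroadAce` is hypothetical.

```powershell
# Added example: audit only, nothing is modified.
# $StartDn is a placeholder: pass the full DN of the object to check, copied from ADSI Edit.
param(
    [Parameter(Mandatory = $true)][string]$StartDn
)

# Well-known SIDs: Everyone (S-1-1-0) and Authenticated Users (S-1-5-11).
$broadSids = @('S-1-1-0', 'S-1-5-11')
$sidType   = [System.Security.Principal.SecurityIdentifier]
$ntType    = [System.Security.Principal.NTAccount]

function Get-BroadAce {
    param($Entry)
    # $true, $true = return explicit and inherited ACEs; trustees come back as SIDs.
    $rules = $Entry.psbase.ObjectSecurity.GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        if ($broadSids -contains $r.IdentityReference.Value) {
            [pscustomobject]@{
                Object    = [string]$Entry.distinguishedName
                Trustee   = $r.IdentityReference.Translate($ntType).Value
                Type      = $r.AccessControlType      # Allow or Deny
                Rights    = $r.ActiveDirectoryRights  # GenericAll = full control
                Inherited = $r.IsInherited
            }
        }
    }
}

# Stop at the top of the configuration or domain naming context.
$rootDse = [ADSI]'LDAP://RootDSE'
$stopAt  = @([string]$rootDse.configurationNamingContext,
             [string]$rootDse.defaultNamingContext)

$entry = [ADSI]"LDAP://$StartDn"
while ($true) {
    $dn = [string]$entry.distinguishedName
    if (-not $dn) { break }                   # object not found or not readable
    Get-BroadAce -Entry $entry
    if ($stopAt -contains $dn) { break }      # reached the naming-context root
    $entry = $entry.psbase.Parent             # move one level up
}
```

Rows with `Inherited` set to `False` mark the level at which an ACE was actually set; the same trustee and rights on objects below it show as `True`.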