access control lists RRS feed

  • Question

  • As part of a security audit (exchange 2003), whereby you have some HIGHLY sensitive mailboxes, what access control lists need to be reviewed to rull out every possible avenue whereby someone could get to the mail content? I no in aduc you can check mailbox rights in exchange advabnced tab, there are some scripts that can view any misconfigurations set via "delegate rights" in outlook, but there must be other paths to get to the mailbox, potentially. What else must be reviewed in terms of access control lists for full assurance on who can/could access highly sensitive mailboxes ?
    Friday, May 20, 2011 9:13 AM


  • Run LDIFDE to see if there is any delegate, and run DSACLS to get the AD permission.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, May 31, 2011 5:49 AM