none
User has full access to all other users folders (Inbox, Calendar, etc) RRS feed

  • Question

  • I have a single user that when logged into a specific computer has the ability to open other users folders (Inbox, Calendar,etc) in Outlook 2007 (File > Open > Other users Folder) without the other users granting him permissions.  
    When we first learned about this we researched our various Exchange Admin groups and found him explicitly entered as allowed in one of them.   We removed him from the group thinking this would resolve it but his full permissions continue.  Even after reboot, logoff, replication, etc.
    If this user logs into another computers he does not have this full permission. 
    We have compared his permission with other users permission and find nothing out of the normal (Active Directory User and Computer (On Exchange Server) > User Properties > Exchange Advanced Tab > Mailbox Rights.  We have looked in Exchange System Manager at the Server level and the Mailbox Store level and see nothing out of the usual.   I could probably remove his computer from the domain, delete its computer object in Active Directory and rejoin to resolve this but I would like to understand HOW this is happening.
    It's almost like that permission didn't fully get deleted.
    We are running Exchange 2003 SP2.
    Any suggestions?
    Wednesday, November 16, 2011 8:25 PM

Answers

  • The new MAPI profile did not help.

    I removed my computer from the domain, deleted the computer object from Active Directory and rejoined the domain.  This resolved the issue.

    It must have been some "stuck" computer permission.

     

     

    • Proposed as answer by Sukh828 Monday, November 21, 2011 11:27 PM
    • Marked as answer by Evan LiuModerator Tuesday, November 22, 2011 3:07 AM
    Monday, November 21, 2011 6:40 PM

All replies

  • Well,

     

    Then you have a permissions problem.

     

    What groups does the particular computer belong to?  How about the user?

     

    J

     

    Wednesday, November 16, 2011 10:20 PM
  • Thanks for the reply John.

    The computer object only belongs to the Domain Computers group.    

    The user has identical permissions as another user who is not able to access the other mailboxes.   

    As I mentioned, this same single user can log on to another PC open outlook and when attempting to open other users mailboxes he receives "Access Denied" as expected.   This tells me it is not a user permission.  It completely sounds like this is a Computer Object permission that is allowing this but I am confused because this computer isn't a part of any extra groups.

    Other users can log on to this PC, open outlook and try to connect to other users folders.  They are denied as expected.

    Would you happen to have any other suggestions?

     

    Thursday, November 17, 2011 7:15 PM
  • Tried creating a new windows profile on that PC and tested?

    Tried a new Outlook profile on that PC (online mdoe)?


    Sukh
    • Edited by Sukh828 Thursday, November 17, 2011 8:24 PM
    Thursday, November 17, 2011 8:24 PM
  • The new MAPI profile did not help.

    I removed my computer from the domain, deleted the computer object from Active Directory and rejoined the domain.  This resolved the issue.

    It must have been some "stuck" computer permission.

     

     

    • Proposed as answer by Sukh828 Monday, November 21, 2011 11:27 PM
    • Marked as answer by Evan LiuModerator Tuesday, November 22, 2011 3:07 AM
    Monday, November 21, 2011 6:40 PM