locked
Users are able to Open other users inbox without being granted permission RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    HI

    My problem is that some of my users not all are able to open other users inbox at will. They are using Outlook 2010 with Exchange 2010. In outlook the user selects file then Open, and then "Other User's Folder". From here they can lookup any user in the domain and open their inbox.

    When I look at the permissions on users mailboxes I do not see any added accounts or security groups that would allow this to happen. I'm a domain admin and I cannot open other users Inbox in this manner.

    How can I figure out what is allowing them to do this?

    Patrick 

    Tuesday, March 26, 2013 5:23 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    On Tue, 26 Mar 2013 17:23:09 +0000, Patrick Herrington wrote:
     
    >My problem is that some of my users not all are able to open other users inbox at will. They are using Outlook 2010 with Exchange 2010. In outlook the user selects file then Open, and then "Other User's Folder". From here they can lookup any user in the domain and open their inbox.
    >
    >When I look at the permissions on users mailboxes I do not see any added accounts or security groups that would allow this to happen. I'm a domain admin and I cannot open other users Inbox in this manner.
    >
    >How can I figure out what is allowing them to do this?
     
    They're in some group that's inherited the "Receive As" permission. It
    won't be "Authenticated Users" or "Everyone". Use ADSIEdit and start
    looking at the permission. Begin at the database(es) and work your way
    towards the top of the Exchange hierarchy until you find a group that
    has the "Receive As" permission and it's not an inherited permission.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     
    --- Rich Matheisen MCSE+I, Exchange MVP
    • Proposed as answer by Fiona_Liao Thursday, March 28, 2013 1:25 PM
    • Marked as answer by Fiona_Liao Monday, April 1, 2013 5:41 AM
    Tuesday, March 26, 2013 9:28 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Patrick,

    Please check Full Access Permission of other user who was able to be open in this way.

    And also run cmdlet below:

    Get-MailboxFolderPermission |FL

    Hope it is helpful.

    Fiona Liao
    TechNet Community Support

    • Marked as answer by Fiona_Liao Monday, April 1, 2013 5:41 AM
    Thursday, March 28, 2013 1:36 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    On Tue, 26 Mar 2013 17:23:09 +0000, Patrick Herrington wrote:
     
    >My problem is that some of my users not all are able to open other users inbox at will. They are using Outlook 2010 with Exchange 2010. In outlook the user selects file then Open, and then "Other User's Folder". From here they can lookup any user in the domain and open their inbox.
    >
    >When I look at the permissions on users mailboxes I do not see any added accounts or security groups that would allow this to happen. I'm a domain admin and I cannot open other users Inbox in this manner.
    >
    >How can I figure out what is allowing them to do this?
     
    They're in some group that's inherited the "Receive As" permission. It
    won't be "Authenticated Users" or "Everyone". Use ADSIEdit and start
    looking at the permission. Begin at the database(es) and work your way
    towards the top of the Exchange hierarchy until you find a group that
    has the "Receive As" permission and it's not an inherited permission.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     
    --- Rich Matheisen MCSE+I, Exchange MVP
    • Proposed as answer by Fiona_Liao Thursday, March 28, 2013 1:25 PM
    • Marked as answer by Fiona_Liao Monday, April 1, 2013 5:41 AM
    Tuesday, March 26, 2013 9:28 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Patrick,

    Please check Full Access Permission of other user who was able to be open in this way.

    And also run cmdlet below:

    Get-MailboxFolderPermission |FL

    Hope it is helpful.

    Fiona Liao
    TechNet Community Support

    • Marked as answer by Fiona_Liao Monday, April 1, 2013 5:41 AM
    Thursday, March 28, 2013 1:36 PM