I wonder if anybody could help with a security flaw there seems to be with the ADC software for Exchange 2000 (not tested on 2003).
When you install the ADC software a global security group is created in the local domain called Exchange Services; the account used in the ADC is placed into this group. The Exchange Services group has full admin rights over the entire Exchange Org. You cannot see this via the delegate wizard, but if you examine the security at the top level of the Exchange Org or use ADSI you can see the group (or groups, if you have ADCs in multiple domains) having full admin rights.

If you run a larger Exchange Org with multiple domains, where different departments/companies manage their own AGs/domains but, say, the main routing and the various Exchange Org wide management are done centrally, there exists a flaw: a user can be placed into the Exchange Services group that exists in a sub domain and they gain the elevated permission of Exchange Full Admin rights to the entire Org. If you run multiple domains under different management then they can place users into this group and bypass the Exchange AG security.

Any ideas how to mitigate this risk?

Thanks in advance,
Martin.
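A membership audit for the situation described in the message, as an added example that is not part of the original post: it expands each domain's Exchange Services group through nested groups and reports every effective member that is not an approved ADC account. The export format, domain names, account names and approved list are all constructed assumptions.

```python
# Added example: audit every domain's "Exchange Services" group for
# unexpected effective members. All names and data below are constructed.

GROUP_NAME = "Exchange Services"  # group name as given in the post

# Constructed export: (domain, group) -> direct members.
# A member written as "group:<name>" is a nested group in the same domain.
MEMBERSHIP = {
    ("corp.example", "Exchange Services"): ["svc-adc-root"],
    ("emea.corp.example", "Exchange Services"): ["svc-adc-emea", "group:Helpdesk"],
    ("emea.corp.example", "Helpdesk"): ["jdoe", "group:Exchange Services"],  # cycle
    ("apac.corp.example", "Exchange Services"): ["svc-adc-apac", "asmith"],
}

# Assumption: the ADC service account approved for each domain.
APPROVED = {
    "corp.example": {"svc-adc-root"},
    "emea.corp.example": {"svc-adc-emea"},
    "apac.corp.example": {"svc-adc-apac"},
}


def effective_members(membership, domain, group, path=(), seen=None):
    """Yield (account, path) for every account reachable through nesting."""
    seen = set() if seen is None else seen
    if group in seen:  # nested groups can loop back; stop on a repeat
        return
    seen.add(group)
    path = path + (group,)
    for member in membership.get((domain, group), []):
        if member.startswith("group:"):
            yield from effective_members(membership, domain, member[6:], path, seen)
        else:
            yield member, path


def audit(membership, approved, group_name=GROUP_NAME):
    """Return sorted (domain, account, path) findings for unapproved members."""
    findings = []
    for domain, group in membership:
        if group != group_name:
            continue
        for account, path in effective_members(membership, domain, group):
            if account not in approved.get(domain, set()):
                findings.append((domain, account, " > ".join(path)))
    return sorted(findings)


if __name__ == "__main__":
    for domain, account, path in audit(MEMBERSHIP, APPROVED):
        print(f"{domain}: unexpected member {account} via {path}")
```

A domain with no entry in the approved list has every member of its group reported, so a newly added domain is flagged until someone reviews it.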
