They probably added themselves to the Exchange Domain Servers security group. Once there, they can pretty much do anything to the org.
-----Original Message----- From: Bowles, John L. [mailto:[EMAIL PROTECTED]] Posted At: Wednesday, June 05, 2002 3:59 PM Posted To: Microsoft Exchange Conversation: Delegation Wizard Subject: RE: Delegation Wizard Basically what is going on is this. We have 2 admins on the West Coast that have an exchange server out there. But since I manage the server here on the east coast it's in our Admin Group. Ok the only one that has Full Admin rights to the Org and AG is me. No one else. But all of a sudden these guys are running this Delegation Wizard and placing themselves inside the Org and AG. With no prior account in there to do this with. Now I have 2 extra accounts w/Full Admin rights in the Org and AG. I asked them how they did that and they said they just ran the Delegation Wizard. Does that clear things up? ___________________________ John Bowles Exchange Administrator Enterprise Support & Engineering Celera Genomics [EMAIL PROTECTED] -----Original Message----- From: Leo [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 4:56 PM To: Exchange Discussions Subject: RE: Delegation Wizard John, to understand you correctly lets use some examples. Fred Bloggs has not delegated rights within the exchange organisation whatsoever Then Fred just runs the Exchange system manager program and adds himself as an Exchange Full administrator at the organisation level. Please confirm this is what is happening. He is a member of what security groups? Do these groups have any delegated rights in the exchange organisation? Leo > I think you are missing the question I'm asking. They are adding > themselves without already having an account in org or admin group. > See what I'm saying? They are basically adding anything at any time. > Usually you would have to have an account already present. But there > isn't one. > > ___________________________ > John Bowles > Exchange Administrator > Enterprise Support & Engineering > Celera Genomics > [EMAIL PROTECTED]=20 > > > -----Original Message----- > From: Ed Crowley [mailto:[EMAIL PROTECTED]]=20 > Sent: Wednesday, June 05, 2002 4:00 PM > To: Exchange Discussions > Subject: RE: Delegation Wizard > > > They're in the Delegation of Administration Wizard! Don't give > Exchange Full Admin rights to those whom you don't want to allow to > change permissions. > > Ed Crowley MCSE+Internet MVP kcCC+I > Tech Consultant > hp Services > Protecting the world from PSTs and Bricked Backups! > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Bowles, John > L. > Sent: Wednesday, June 05, 2002 12:55 PM > To: Exchange Discussions > Subject: RE: Delegation Wizard > > > Ed, > > What permissions are you talking about? Cause as of now. They don't > have any permissions on the Org or the administrative group. > > Thanks, > > ___________________________ > John Bowles > Exchange Administrator > Enterprise Support & Engineering > Celera Genomics > [EMAIL PROTECTED]=20 > > > -----Original Message----- > From: Ed Crowley [mailto:[EMAIL PROTECTED]]=20 > Sent: Wednesday, June 05, 2002 3:48 PM > To: Exchange Discussions > Subject: RE: Delegation Wizard > > > Change their permissions so they can't do that. Security by > obfuscation is of little value. What's to stop them from asking the > opposite question and reversing what you've done? > > Ed Crowley MCSE+Internet MVP kcCC+I > Tech Consultant > hp Services > Protecting the world from PSTs and Bricked Backups! > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Bowles, John > L. > Sent: Wednesday, June 05, 2002 11:49 AM > To: Exchange Discussions > Subject: Delegation Wizard > > > All, > > Is there anyway to remove the Delegation wizard that comes along with > the install of Exchange 2000? Currently we have admins that think > that it's fun to add themselves as Full Admins on our site. Can I > take care of this somehow? And what privileges do you need to add > yourself? I can't think of it off the top of my head. > > TIA, > > ___________________________ > John Bowles > Exchange Administrator > Enterprise Support & Engineering > Celera Genomics > [EMAIL PROTECTED]=20 > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
