Then, quick grab an Outlook client and "discover" that any Outlook user can open the mailbox of any other user in the organization. Sounds like someone has granted receive as rights to the information store to a group containing the users in question. Check the properties of the private information store object these mailboxes exist on and see if a group (the everyone group perhaps) has "receive as" rights on the information store object. It shouldn't.
On 3/29/03 12:28, "Chas" <[EMAIL PROTECTED]> wrote: > Hello, > > one server with W2k sp3 E2k sp3. We just discovered that any domain user > can log into OWA and then by just adding another users login name to the > end of the URL, that mailbox will open. > eg: site.domain.com/exchange/username > How do you force a password request everytimg a mailbox is accessed. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
