Hi Bruce, This is absolutely right. In the most cases SYSTEM does need not full control either.
The both accounts IMail works with must be restricted for sure. It can't be the solution, that those users have full control over the Application- and Data-directories. Especially the IIS guest user must run under very limited rights. This affects the registry too. Did somebody already test, if IMail will work, after reducing the rights to the usual read/write/change permissions? IMail 2006 does not strictly separate program and data by default. With a bit registry hacking, a separation is possible. At the end, three or four files need R/W access in the application directory. We made that already for every version of IMail, including 2006 . I have no idea, why we poor admins have fiddle around in the registry to fullfil some basic IT-rules. This separation could be done very very easy by default and would allow to implement a security concept easily. If somebody is interested what have to be done for a 99% separation, i can post more infos. ============================================ Am Mittwoch, 4. Januar 2006 um 00:53 schrieben Sie: > Full control should NEVER be allowed on a server of any kind! That will > give full access to anyone who can connect to the site. > > The only account having FULL CONTROL is ADMINISTRATOR and SYSTEM. > > The user who is logged into the system checking his mail should only be > allowed CREATE, MODIFY and DELETE, NOT full control. > > This is a definitely problem with the latest version of IMail and needs to > be addresses ASAP. We will not deploy until this is resolved! > > Bruce Barnes > ChicagoNetTech Inc > ________________________________ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting > Sent: Tuesday, January 03, 2006 16:53 > To: [email protected] > Subject: Re: [IMail Forum] 2006 permissions > Full control? > Mike Barber wrote: > Here you will find the permissions necessary > > http://support.ipswitch.com/kb/IM-20051123-DM03.htm#InstallUpgrade > For your scenario you will need to add IUSR_ComputerName to > d:\imail\ > ________________________________ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting > Sent: Tuesday, January 03, 2006 5:23 PM > To: [email protected] > Subject: [IMail Forum] 2006 permissions > We have all of our domains on the D drive and it seems that > permissions are still not corrected after installing 2006.01. This is the > error I get when I try to save attachment blocking: > > "Unable to open attachment blocking file d:\IMail\\ab.txt" > > That would indicate a permissions problem but it is reading the > file. What file permissions should be in place? > > Thanks, > > Bill > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ ============================================ -- Mit freundlichen GrĂ¼ssen -------------------------------------------- Merlin Consulting Martin Schaible Bahnhofstrasse 27 CH-8702 Zollikon Phone: +41 44 391 30 00 Fax: +41 44 391 32 49 Mail: mailto:[EMAIL PROTECTED] URL: http://www.merlinconsulting.ch Support: http://support.merlinconsulting.ch GPS: N47 20.235 E8 34.226 -------------------------------------------- News - Neue Produkte: .:. NOD32 Antivirus System .:. BlueDragon .:. Kiwi Syslog Monitor .:. Paessler GmbH .:. Sawmill Loganalyzer .:. SmarterTools -------------------------------------------- To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
