I respectfully disagree. This isnt a "hacker" situation, where someone did bad in the act of doing good. This person violated the privacy of fellow employees, and more importantly in this context, the privacy of the company (confidential corporate communications). I've personally been in situations were I have discovered this behavior, and once it even turned into a federal case of corporate espionage.
Unless the person came forward immediately to show what they had discovered, they should be terminated. -- Espi On Thu, Nov 13, 2014 at 3:06 PM, Edward A. Berry <[email protected]> wrote: > <another lurker> > Are you kidding? That employee (assuming he didn't do anything > nasty with the guessed passwds) did you a big favor by exposing > the weak passwords before the really bad boys got them. > > On 11/13/2014 02:24 PM, Gordon Pegue wrote: > >> <lurker response> >> >> Wouldn't a more effective solution be to: >> >> 1.Terminate the employee who "guessed" the pwds >> >> 2.Institute a password change for all OWA users immediately requiring a >> strong pwd >> >> Seems to me that turning off OWA is a business-line decision in this >> case, not an IT decision >> >> Gordon >> >> *From:*[email protected] [mailto:listsadmin@lists. >> myitforum.com] *On Behalf Of *Stefan Jafs >> *Sent:* Thursday, November 13, 2014 12:14 PM >> *To:* [email protected] >> *Subject:* [NTSysADM] OWA and Exchange 2007 >> >> We had a security breach where an employee have guessed about 20 peoples >> passwords and ben able to access their e-mail with OWA. Since most people >> use company Laptops and / or Surfaces to access their e-mails while on the >> road using RPC / HTTP with Outlook we are thinking about disable OWA for >> all but a few users, will that break anything else? Did some Googling and >> looks like it may be a problem in Exchange 2013 but we are still on 2007. >> >> __________________________________ >> >> *Stefan Jafs*** >> >> > >
