 Outlook – access to inbox permissions
Is there a faster way of verifying that any given user is not able to access any other user's Outlook inbox without having to test every mailbox? If a user wants to give permissions to another user to view their calendar, or tasklist etc., that is ok. I just want to make sure no one can share their inbox. Platform: Outlook 2000 with Exchange Server 2003. Thank you.

ASKED: December 26, 2006  2:30 PM
UPDATED: February 5, 2009  8:38 PM

Answer Wiki:
I do not believe that there is any way you can prevent a user from sharing his inbox with another user or a number of users. However, so long as "send on behalf of" or "send as" permissions are not granted by an Exchange administrator, the user with access will not be able to send messages as the other user. What is your true concern here? Is it the sending of messages as another person, or is it the deletion of messages from another's inbox?
Last Wiki Answer Submitted:  December 27, 2006  8:26 am  by  Stevesz   2,015 pts.
All Answer Wiki Contributors:  Stevesz   2,015 pts.


Discuss This Question:

Hello,

When you create a new mail enabled user account in AD, mailbox rights are assigned to ‘self’ which give appropriate permissions to the mailbox owner. No other domain users will be authorized access by default.

Granting access to another user can be done either by the mailbox owner through Outlook or by an Administrator through AD => user properties => Exchange Advanced tab => mailbox rights.

If you have a default mailbox configuration then your users' mailboxes should be safe from outside access. If someone has reported access by another user, check the permissions described above and edit as needed.

Good luck!

 0 pts.

 

Thank you guys for your reply.

The issue of concern is that it was found that certain users were able to view the inbox of a high level management employee who deals with confidential matters on a regular basis. Even though they cannot ‘send as’, they are not supposed to even be able to view the inbox. But the employee states that he never changed permissions on his inbox to allow others to view it. The permissions have been fixed so his inbox is ok now but now he wants a test done on every account to see if any users’ inboxes are viewable by any other user.

I was just wondering if there was a faster way of verifying this other than performing a File-Open- Other user’s folder for every user.

Could I apply permissions to the ‘Everyone’ group and accomplish the same thing?

Thanks.

 0 pts.

 

You do not say where the permissions were changed. Were they changed by this manager, or were they changed in Exchange by an administrator?

If they were changed by this manager, end of story. He would be the only one, or someone he gave his username and password to, who could have made the changes to allow other users to see his inbox.

If the change was made by an administrator at the Exchange level, there should be a “paper trail” of the request for the change–his original request, as well as the date of the change and who the change affected–on file somewhere.

If you have a manager over you, let your manager know the status of this situation, and have the other manager go through him to make his request, and your manager should be able to deflect it. The hardest thing in the world is to prove a negative (“When did you stop beating your wife?”).

 2,015 pts.

 

You can write a script to dump ACLs. Here’s one write up on this method: http://gsexdev.blogspot.com/2005/06/reverse-permissions-audit-scripts-part.html

 0 pts.
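
Once folder ACLs have been dumped as the post above suggests, the check the asker wants can be run over the dump instead of opening each mailbox by hand. The following is an added example, not code from the linked write-up or from any poster: the CSV layout and the sample rows are constructed assumptions, while the bit values are the standard MAPI folder-rights flags. It looks only at folder-level ACLs, not at mailbox rights granted through AD.

```python
import csv
import io

# MAPI folder-rights bits (PR_MEMBER_RIGHTS). ReadAny is what makes items viewable.
RIGHTS = {0x001: "ReadAny", 0x002: "Create", 0x008: "EditOwned",
          0x010: "DeleteOwned", 0x020: "EditAny", 0x040: "DeleteAny",
          0x080: "CreateSubfolder", 0x100: "Owner", 0x200: "Contact",
          0x400: "Visible"}
READ_ANY = 0x001

# Constructed sample dump (assumed layout): one row per ACL entry, rights as hex.
SAMPLE_DUMP = """mailbox,folder,trustee,rights
ceo,Inbox,Default,0x0
ceo,Inbox,jsmith,0x401
ceo,Calendar,assistant,0x401
alice,Inbox,Default,0x401
alice,Inbox,Anonymous,0x0
bob,Inbox,Default,0x400
bob,Tasks,alice,0x47B
"""

def decode(mask):
    """Turn a rights mask into the list of right names it contains."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def audit_inboxes(dump_text, folder="Inbox"):
    """Return (mailbox, trustee, scope, rights) for every non-owner ACL
    entry on the given folder that can read items in it."""
    findings = []
    for row in csv.DictReader(io.StringIO(dump_text)):
        mailbox, trustee = row["mailbox"].strip(), row["trustee"].strip()
        if row["folder"].strip().lower() != folder.lower():
            continue  # calendar and task sharing is acceptable here
        if trustee.lower() == mailbox.lower():
            continue  # the owner's own entry
        mask = int(row["rights"], 16)
        if mask & READ_ANY:
            # The "Default" entry applies to every authenticated user.
            scope = "everyone" if trustee.lower() == "default" else "user"
            findings.append((mailbox, trustee, scope, decode(mask)))
    return findings

if __name__ == "__main__":
    for mailbox, trustee, scope, rights in audit_inboxes(SAMPLE_DUMP):
        print(f"{mailbox}: Inbox readable by {trustee} ({scope}): {', '.join(rights)}")
```
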

 

I have noticed that when I log on mail sent is already opened (not by me)……is this possible and who would have access to do that?

 10 pts.