Panic at work when it was discovered that anyone could read anyone else's mailbox on the Exchange 2000 Server through Outlook.
Examining the permissions in the 'Exchange Advanced' tab of a user's properties in Active Directory, it appeared that the 'Everyone' user had 'Full Mailbox Access' rights.
Found an MSKB article which says that in Exchange Administrator this can happen if the 'Everyone' user had been given 'Receive As' and 'Send As' access. Denied both of these in Exchange and rebooted it. After this the 'Everyone' user in Active Directory no longer had 'Full Mailbox Access' and people could no longer look at each other's mail.
Working with Active Directory and Exchange and the horrible plethora of subtly different property dialogs is bewildering. There is one property dialog in Exchange with a 'Client permission' button on it that shows different dialogs if you click it with and without holding the CTRL key (mentioned in this article). You wouldn't guess it from the dialog: why not two buttons? Why the hidden option?
I can think of a few reasons for this complex mess:
- it keeps 10,000 software engineers at Microsoft busy knocking out complex architectural stuff that doesn't add any real benefits
- much money to be made from training courses
- creates an army of people with noddy qualifications resistant to change
