Can they access other mailboxes from within Outlook by File>open>Other user's folder?
________________________________ From: Ed Stahr [mailto:est...@pinksneakers.net] Sent: Tuesday, May 19, 2009 11:40 AM To: MS-Exchange Admin Issues Subject: OWA security config problem I have OWA running (Exchange 2003 on Server 2003R2) and everything seems to be working, but I have one big security hole that I am sure is caused by an incorrect setting on my part. Once users authenticate into their account, they can access any other account they wish by changing the URL. Example: You authenticate to this address for OWA: https://exch.mydomain.com/ You then go into your mailbox at: https://exch.mydomain.com/exchange if you add anyone elses username to the end of that URL, you can see their email account, example: https://exch.mydomain.com/exchange/bsmith would show you bsmith's account. I am sure this is something very basic I am missing. Thanks, Ed ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
