Good question, First screen is the OWA screen with one box, which basically is the input for which email box you wish, then the NTLM popup appears for the next login (username/password) If I type lets say JOE in the first box, then sue/password in the login popup, then me as sue can read Joes email. Hope that clarifies it somewhat. Don Bentz, MCSE, CCA, MCP+I Computer Management Systems, Inc. 216 South Main Street Columbia City, IN 46725 [260] 248-2191 V [260] 248-2801 F www.cmsinetworks.com <http://www.cmsinetworks.com/> Hate Spam? Click Here <http://www.myaffiliateprogram.com/u/hatespam/e.asp?e=3&id=1037> . -----Original Message----- From: Mike Dufoe [mailto:dufoem@xxxxxxxxxxx] Sent: Thursday, July 31, 2003 10:29 AM To: [ExchangeList] Subject: [exchangelist] RE: Exchange 5.5 OWA http://www.MSExchange.org/ Does it prompt them for username/password? Example, if user aaa wanted to check out bbb mailbox, does aaa get prompt for username/password? Or is this the admin account that your talking about accessing the users mailboxes? -----Original Message----- From: Don Bentz [mailto:Don@xxxxxxxxxxx] Sent: Thursday, July 31, 2003 11:12 AM To: [ExchangeList] Subject: [exchangelist] RE: Exchange 5.5 OWA http://www.MSExchange.org/ I have a server running SBS4.5, and using OWA for exchange 5.5, and have found that any user can log into any users mailbox using OWA. I've checked permissions and can't see anything wrong. It presently has SP4 installed for exchange. Anyone seen this? Could SP4 have broke the security? Don Bentz, MCSE, CCA, MCP+I Computer Management Systems, Inc. 216 South Main Street Columbia City, IN 46725 [260] 248-2191 V [260] 248-2801 F www.cmsinetworks.com <http://www.cmsinetworks.com/> Hate Spam? Click Here <http://www.myaffiliateprogram.com/u/hatespam/e.asp?e=3&id=1037> . ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: dufoem@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: don@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than the recipient.Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Computer Management Systems, Inc. disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of CMS, Inc. or its subsidiaries or affiliates. postmaster@xxxxxxxxxxx <mailto:postmaster@xxxxxxxxxxx> This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than the recipient. Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Computer Management Systems, Inc. disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of CMS, Inc. or its subsidiaries or affiliates. postmaster@xxxxxxxxxxx