RE: Exchange 5.5 security issue

  • From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Feb 2005 22:23:04 -0500

What domain accounts or groups are given permissions on the 'Site'
properties tab in the Exchange 5.5 admin program?  Write down all domain
accounts and groups that are given permissions here, and then see if the
person in HR is added to one of these groups.  If so, remove the group from
the permissions of the site or remove the HR person from the group that is
given the permissions.  If you remove the group, make sure that your domain
account (or the Exchange service account) is assigned the permissions
individually before you remove anything.  This way you do not remove your
access as well.  

Obviously there are some permissions setting in there that should not be.
Also, the 'domain users' group should NOT be listed in the site permission
properties for any reason.


Chris Wall
-----Original Message-----
From: ba_cruising@xxxxxxxxxxx [mailto:ba_cruising@xxxxxxxxxxx] 
Sent: Monday, February 28, 2005 9:57 PM
To: [ExchangeList]
Subject: [exchangelist] Exchange 5.5 security issue

I run Exchange 5.5 sp4 on Windows 2000 member server on our NT 4.0 domain.
 I had a complaint today regarding our HR person accessing someone else's
mailbox.  I checked permissions within Exchange Admin and she does not
have the permission to do this.  Even when I check the Mailbox Resources
HR is listed as being logon to this other person's mailbox.  She does not
know the admin password so how can she view someone else's mailbox?  I've
checked all the permissions I know of within Exchage Admin and am baffled.

I also checked the person who suspects that HR is reading his email within
the Outlook client configuration to see if somehow he delegated this right
but the HR person is not listed within the Outlook as having permission to
his mailbox.

How can someone besides the Exchange Admin have permission to view someone
else's mailbox?  Any help would be greatly appreciated.

List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking:
Leading Network Software Directory:
No.1 ISA Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: