If you are an administrator, you will be able to do this. Have you logged in as a common user and tried it? -----Original Message----- From: Bob Fronk [mailto:bobfronk@xxxxxxxxx] Sent: Thursday, February 09, 2006 12:32 PM To: [ExchangeList] Subject: [exchangelist] RE: Outlook On The Web Security Risk!!! http://www.MSExchange.org/ It shouldn't.... You have a permissions issue somewhere. Bob Fronk bobfronk@xxxxxxxxx > -----Original Message----- > From: Phil Marano [mailto:pmarano@xxxxxxxx] > Sent: Thursday, February 09, 2006 12:53 PM > To: [ExchangeList] > Subject: [exchangelist] Outlook On The Web Security Risk!!! > > http://www.MSExchange.org/ > > Does anyone know how to prevent users once they are logged into their > mail account via the web client from adding another users email > account name to the end of the current web address and viewing that persons mailbox? > > (ie: > http://mail.yourdomain.com/exchange/jdoe > <---- adding a users account name to then of the /exchange/ directory > will allow that person to view anyone mailbox.) > > This is exchange 2003 > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this MSExchange.org Discussion List as: > bfronk@xxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to info@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: deea@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx ##################################################################################### Only the individual sender is responsible for the content of the message, and the message does not necessarily reflect the position or policy of the Texas State Teachers Association or its affiliates.