[exchangelist] RE: Setting Number of Recipient Limits for Large Groups of UsersI am experiencing a problem when my users try to change their password via OWA, recently, they receive a Object required error message. I have not fully read this yet http://support.microsoft.com/?id=833734 but if anyone has any ideas, let me know Thanks ----- Original Message ----- From: Maglinger, Paul To: [ExchangeList] Sent: Friday, February 17, 2006 4:21 PM Subject: [exchangelist] RE: Soka|OWA 2003|Change Password feature http://www.MSExchange.org/ Why would "User A" know "User B"'s password? That's your security problem. ------------------------------------------------------------------------------ From: Robert Lawson [mailto:rlawson@xxxxxxxx] Sent: Friday, February 17, 2006 15:09 To: [ExchangeList] Subject: Soka|OWA 2003|Change Password feature Hello All, We are looking at the OWA 2003 "Change Password" feature for our production environment. The odd thing is it allows "User A" to change the password of "User B", if "User B"'s password is known by "User A". This seems to be a security loophole we don't want to open. Is anyone using the "Change Password" feature that can share their experiences? We are Exchange 2003 SP1 Enterprise shop. 1FE/2BE configuration. Thanks, Robert Robert Lawson Senior Database Administrator/email administrator Soka University of America 1 University Drive Aliso Viejo, CA. 92656 USA main: 949.480.4000 fax: 949.480.4258 direct: 949.480.4224 rlawson@xxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: chipw@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx