Question: Inherited permissions in Exchange

Our Exchange server seems to grant Everyone the default right to Open Other User's Folders. We can't figure out how to remove this right (on the permissions tab of each mail user's properties, Everyone is listed as having inherited permissions to the user's mailbox). This seems like a huge default security gap!

Answer: Inherited permissions in Exchange

There are three levels of permissions in Exchange: the org, the site and configuration. Permissions flow downwards from there. The Recipients container inherits from the Configuration object.
The Everyone group is not, is never, added automatically: a human did this. Get properties on the three levels in turn, hit the permissions tab and remove the Everyone group. Or, at the very least, the Configuration object.
There should be only two accounts listed at any of these levels: the service account (with service account permissions) and the admin (permissions admin). There could be multiple admins, but never the Everyone group.
On a mailbox, there will be those two accounts (inherited from the Configuration leaf) and the user account for that mailbox.
As to who added it: only an admin with Permissions Admin rights or someone logged on with the service account can modify those permissions. That should narrow the list of suspects considerably.