?
Solved

OWA Restricting Access

Posted on 2002-03-22
10
Medium Priority
?
439 Views
Last Modified: 2013-12-17
Hi,
We've set up Exchange 2000 and OWA is running nicely. The problem is that users can access anyones e-mail by simply changing the mail box name in the address bar.

How do I restrict access so that users can access only there own mailbox?

Cheers
CJ Windsor
0
Comment
Question by:cjwinks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
10 Comments
 
LVL 15

Expert Comment

by:samri
ID: 6892077
Im' not quite familiar with OWA.  Perhaps there should be some kind of security option where each users must be authenticated before the can open a mailbox.  Check the OWA (I hope OWA is some kind of web based email system), documentation on how to enable such authentication.

just a thought.
0
 
LVL 5

Accepted Solution

by:
markt9 earned 100 total points
ID: 6895622
Outlook Web Access (OWA)

Have you read the Planning and Deploying Outlook Web Access 5.5 from Microsoft?  try http://www.microsoft.com/exchange/techinfo/planning/55/OutlookWebaccess.asp

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q236811
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q263236
http://www.swynk.com/friends/janssen/OWA_Security.asp
http://www.slipstick.com/exs/owa.htm

of course you should consider installing Linux, sendmail, and neomail instead....
0
 

Author Comment

by:cjwinks
ID: 6896352

Ta for the advice.
However,
I've set the Exchange directory security to basic level authentication. This prompts for a log on, but once a user is logged on he/she can still access anyones mail box by just changing the URL.

For example...
  -log on to "servername/Exchange", Enter name & password
  -This gets them into there own inbox
  -They can however just change the URL to "servername/Exchange/userx" (where userx is name another user). This lets em read userx's mail.

How can I restrict this sort of access?



0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:cjwinks
ID: 6896355

Ta for the advice.
However,
I've set the Exchange directory security to basic level authentication. This prompts for a log on, but once a user is logged on he/she can still access anyones mail box by just changing the URL.

For example...
  -log on to "servername/Exchange", Enter name & password
  -This gets them into there own inbox
  -They can however just change the URL to "servername/Exchange/userx" (where userx is name another user). This lets em read userx's mail.

How can I restrict this sort of access?



0
 
LVL 5

Expert Comment

by:markt9
ID: 6898058
hehe....tell you users not to change the url to someone elses name....hehe.  Being the open source fan of Sendmail and linux in general, it is kind of humerous to hear how to defeat a OWL server.....but i'm sure it was your higherups that decided on exchange server....

Are you running OWA on a seperate machine from the exchange server?  Maybe you need to check both machines for permissions.

If you added a new user on just one machine does that automaticly give you access to the other?  Don't add that user to any groups to start your test and find the minimum permissions to get just the mail.

Did you modify the OWA program?  Did you mess up the global.asa in the process.

Did you pay for support from Microsoft when you went with Exchange?
0
 
LVL 24

Assisted Solution

by:SunBow
SunBow earned 100 total points
ID: 6949233
Secure it up while you are at it

a) Upgrade each and every MS component
b) run https (not http) to url
c) install root CA certificate to browser

noting -
> -They can however just change the URL to "servername/Exchange/userx"

If I am logged in to it, using my ID in place of userx yields the 404: "The page cannot be found"

user browse mode should be disabled
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6949238
(revision, error should be HTTP/1.1 401 Unauthorized where userx is internet EM ID, not Exchange/MS ID)
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
This article outlines some of the reasons why an email message gets flagged as spam on a recipient's end.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question