• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 174
  • Last Modified:

outlook web access security issue

I am running exchange server 2000 at our company for email.  The user all user outlook to access their email.  With in the company intranet certain users access email using outlook web access.

Here is the problem, I have  users who use the owa for email access and they do not have to enter a passwork to assess their mail, so they can enter any users name..ie  \\server\exchange\username and excess anyones email.

I want the users to have to enter a passwork in order to access the web mail.
2 Solutions

It sounds like these users are a member of an admin group or another group that has full mailbox access to all the mailboxes within your organisation. I'd start by checking their membership via AD and then check the Exchange permissions for one of the mailboxes that they can access but should not be able to via AD.

Or IIS permissions are not setup.

Open IIS Manager.
Expand the server name, then expand Web sites.
Right click the Web site and then click Properties.
Click Directory Security -> Edit under Anonymous and Access Control.
Select Integrated Windows authentication.  Do not allow Anonymous Access.
Now go to the IP address and domain name restrictions and click Edit.
Click Add under Granted Access and add the domain to the list.
Restart IIS (sart-run: IISRESTART)

 - Brugh
Forced accept.

EE Admin

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now