Link to home
Start Free TrialLog in
Avatar of markarmer
markarmer

asked on

All users can see everyone's calendar, tasks and contacts even when not shared

I have just inherited the role of managing an existing Exhange 2003 server which has the following problem:

Any user connected to the server with Outlook can click 'Open Shered Calendar' and open ANY calendar on the system. They are able to add, edit and even delete other people's entries despite the fact that these calendars are not shared. The same problem also applies to Contacts and Tasks.

I tried creating a new user and specifically selecting NONE as permissions so no-one could access it, yet as soon as I went to a different user's PC I was able to open that calendar and add entries.

What we need to achieve here is that no-one can access any other calendar or contacts etc.. unless they are specifically granted rights by the user who owns the calendar. I thought this was the default setting in Exchange, maybe it is and the prior IT guy changed something?

The CEO brought me in to deal with this after finding a junior employee looking at his contact list and of course, this has caused a massive issue within the company. Unfortunately I am not an Exchange guru and am not sure where to begin on this problem, all I know is that I need to fix it fast. ANY help will be very gratefully appreciated.
Avatar of MichaelVH
MichaelVH
Flag of Belgium image

Hi,

have you had a look at the Exchange Permissions through AD Users & Computers? If everyone has full rights to eachothers mailbox/calendar they do not necessarily show in Outlook

Michael
Avatar of maxis2cute
maxis2cute

in AD users and comnputers, on a users properties there is a tab called exchange advanced.  

in mailbox rights is where you want to set permissions.  
Avatar of markarmer

ASKER

Thank You for the quick Reply.
I just looked at the setting for 'everyone' and all 'Deny' boxes are checked for the new test user I setup.

how about domain users, authenticated user, etc...

you said you went to a different users pc.  if you log off and relogon does it still show the mailbox?
Hmm...
Authenticated Users has the  Allow 'Full Mailbox Control' box checked but greyed out. No other boxes are checked in that one.
Can you tell me, in an ideal environment for this to work what users should have what permissions in order for them to be unable to see anyone elses calendar UNLESS the owner sets sharing permissions with outlook?
Markarmer,

it looks to me that the permissions were inherited. Is there maybe a setting higher up the OU's that set the "Authenticated users - Full Control" permission?
ASKER CERTIFIED SOLUTION
Avatar of markarmer
markarmer

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial