Areas to adjust mailbox permissions
Posted on 2013-01-02
So I have an issue with users having too many rights to other users' mailboxes. It's not universal, but I'm not sure on what layer the permissions are being set at.
Initially I was just focused on one user having access to another user's mailbox and whated to put a stop to it. Initially I adjusted the full access permissions on Exchange. That's were I tend to set these sort of permissions up. I rmeoved the user and thought that would resolve. it did not. I thought maybe slow replication, forced replication and issue remained.
Setup my sessions outlook profile for both users and logged into outlook as both. I checked the source user and her sharing permissions. Default was setup to reviewer which i removed. but this again did not resolve the issue.
I verified settings with another high level user which I knew others should not have access. To my surprise when i did some baseline testing to make sure my testing methods were sound, they failed. They had access to this secure user, which they should not. I double checked her sharing permissions as well as the exchange permissions and they are both restricted.
Checked a brand new user who was just setup, and they can all access this mailbox as well. No custom permissions with this new account.
I checked some of the executives and surprisingly, most of them are secure and the users could not gain access, but not all.
There is some other level of security at play here. I'm looking for ideas on what may need to be adjusted to gain back my mailbox security. If users need access to other users' mailboxes i want to maintain that in the Exchange full access permissions ideally.
Thanks for your help.