We are experiencing an issue at a clients site whereby any one user is able to open another users mailbox using the Add mailbox option under account settings.
This obviously poses a bit of a security risk.
I'm pretty sure the issue is likely to be permissions related but I cannot for the life of me find a permission setting that is causing the issue. (I've used ADSIEDIT and gone through the organisation structure).
Any pointers welcome!