0

Once i've logged into my work OWA, i've found i can access any other staff members mailbox simply by changing my username to theirs in the web address box! How do i turn off this scary 'feature'???

And can someone with someone add the 'outlook-web-access' tag please

Cheers

RKid
  • 67
  • 1
  • 7
  • Will "owa" do..? – RainyRat Oct 30 '09 at 10:19
  • Try doing this on a non-administrator account – sclarson Oct 30 '09 at 12:20
  • Tried it, still have access to all users mailboxes. – RKid Oct 30 '09 at 12:57
  • 1
    Sounds like you have permissions issues on your mailboxes. I would start looking there before blaming OWA. – Adam Oct 30 '09 at 13:08
  • Managed to fix this - found that 'EVERYONE' group had full control of mailboxes for some unknown reason(!?). Couldn't change mailbox permissions on individual users properties, had to locate 'Mailbox Store (MY_SERVERNAME)' on Exchange server and change permissions on the Security Tab in it's properties. Thanks for the suggestions. – RKid Nov 03 '09 at 13:25

3 Answers3

1

Are you an exchange / domain admin by any chance?

Kip
  • 897
  • 1
  • 12
  • 22
  • Yes but i've set up another standard user test account and i can do it from this account too. – RKid Oct 30 '09 at 12:55
  • Something is wrong with your Exchange security settings then. My guess is if you take that same test user you can open up anyones inbox via Outlook. – ITGuy24 Oct 30 '09 at 13:07
1

This site may help find the issue.

http://telnetport25.wordpress.com/2007/07/25/default-security-permissions-on-an-exchange-mailbox-2003/

ITGuy24
  • 1,576
  • 1
  • 15
  • 29
0

this can happen due to different reasons,

First -> a device that is caching Users credentials can allow person A to gain access to person B's mailbox.

Second -> http://support.microsoft.com/kb/173658"

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Add DWORD Value, and add the following: Value Name: UserTokenTTL
Data Type: REG_DWORD
Data: (Number of seconds for token to be cached - 30 second min)

Regards, Vivek.

Vivek Kumbhar
  • 3,063
  • 1
  • 17
  • 13