Exchange 2003 Outlook Web Access Major Security Issue
Last night we discovered that once a user logs in and accesses their Exchange account through Outlook Web Access, they can access any other account without re-authenticating by simply changing the last part of the URL in their browser to another user. When doing so and pressing Enter, the user then has full access to that other user's account without re-authenticating. We are running Exchange Server 2003 SP2 (Standard) on an MS Server 2003 box. Has anyone seen this before? If so, what is the solution?

Jeff
March 11th, 2010 12:35am

On Wed, 10 Mar 2010 21:35:02 +0000, seekatzj wrote:

> Last night we discovered that once a user logs in and accesses their Exchange account through Outlook Web Access, they can access any other account without re-authenticating by simply changing the last part of the URL in their browser to another user. When doing so and pressing Enter, the user then has full access to that other user's account without re-authenticating. We are running Exchange Server 2003 SP2 (Standard) on an MS Server 2003 box. Has anyone seen this before? If so, what is the solution?
>
> Jeff

Verify that you haven't given "Receive As" permission to a group like "Everyone".

---
Rich Matheisen
MCSE+I, Exchange MVP
March 11th, 2010 4:24am

On Wed, 10 Mar 2010 21:35:02 +0000, seekatzj wrote:

> Last night we discovered that once a user logs in and accesses their Exchange account through Outlook Web Access, they can access any other account without re-authenticating by simply changing the last part of the URL in their browser to another user. When doing so and pressing Enter, the user then has full access to that other user's account without re-authenticating. We are running Exchange Server 2003 SP2 (Standard) on an MS Server 2003 box. Has anyone seen this before? If so, what is the solution?
>
> Jeff

---
Rich Matheisen
MCSE+I, Exchange MVP
March 11th, 2010 6:05am

Hi,

How about your question? Any updates?

Agree with Rich, it regards mailbox permission. If the user can open the mailbox in the same mailbox store, you need to check the permission in ESM -> administrator group -> first administrator group -> server -> server name -> storage group -> mailbox store's properties -> Security tab. Same for storage group, server, AG and organization.

Frank Wang
March 12th, 2010 10:49am
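The checks Rich and Frank describe above (an Allow "Receive As" ACE for a broad group such as Everyone, at the mailbox store or at any level above it that the store inherits from) can be run in one pass instead of clicking through every Security tab in ESM. The script below is an added example, not code from the thread or from Microsoft: it reads the same ACLs that ESM's Security tabs display, straight from the Exchange objects in the AD Configuration partition, and reports every Allow ACE that grants Receive-As, flagging the ones held by broad principals. It assumes a domain-joined machine with PowerShell 2.0 or later and read access to the Configuration partition; the extended-right GUID is the standard Exchange Receive-As value, and the list of "broad" principals is an assumption you should adjust for your environment.

```powershell
# Added example, not code from the thread: audit Receive-As grants on an
# Exchange 2003 organisation by reading the ACLs that ESM's Security tabs show,
# from the organisation object down to each mailbox store.
# Assumptions: runs on a domain-joined machine (PowerShell 2.0 or later) as a
# user who can read the Configuration partition; the extended-right GUID is the
# standard Exchange value; the set of "broad" principals is a judgement call.

$ReceiveAsGuid = [Guid]'ab721a56-1e2f-11d0-9819-00aa0040529b'  # Receive-As extended right
$AllRightsGuid = [Guid]'00000000-0000-0000-0000-000000000000'  # ObjectType meaning "all extended rights"

# Principals that must never hold an Allow Receive-As ACE at any level (assumed list).
$BroadPrincipals = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-ExchangeStoreHierarchy {
    # Organisation, administrative groups, servers, storage groups and mailbox
    # stores: each level's ACL is inherited by the mailbox stores beneath it.
    $configNc = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNc"
    $searcher.Filter = '(|(objectClass=msExchOrganizationContainer)' +
                       '(objectClass=msExchAdminGroup)(objectClass=msExchExchangeServer)' +
                       '(objectClass=msExchStorageGroup)(objectClass=msExchPrivateMDB))'
    $searcher.PageSize = 500
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    foreach ($result in $searcher.FindAll()) { $result.GetDirectoryEntry() }
}

function Test-GrantsReceiveAs {
    # True when the ACE allows Receive-As: directly, via "all extended rights",
    # or via Full Control (GenericAll), which implies every right.
    param([System.DirectoryServices.ActiveDirectoryAccessRule]$Ace)
    if ($Ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { return $false }
    $rights     = [int]$Ace.ActiveDirectoryRights
    $genericAll = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    $extended   = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    if (($rights -band $genericAll) -eq $genericAll) { return $true }
    if ($rights -band $extended) {
        return ($Ace.ObjectType -eq $ReceiveAsGuid -or $Ace.ObjectType -eq $AllRightsGuid)
    }
    return $false
}

function Find-ReceiveAsGrants {
    # One record per Allow ACE that grants Receive-As, at every level of the tree.
    foreach ($entry in Get-ExchangeStoreHierarchy) {
        $acl = $entry.psbase.ObjectSecurity
        # Ask for identities as SIDs so well-known groups match regardless of locale.
        foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
            if (-not (Test-GrantsReceiveAs $ace)) { continue }
            $sid = $ace.IdentityReference.Value
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid }   # unresolvable (deleted) principal: keep the raw SID
            New-Object PSObject -Property @{
                Object    = [string]$entry.distinguishedName
                Principal = $name
                Sid       = $sid
                Inherited = $ace.IsInherited
                Broad     = ($BroadPrincipals.ContainsKey($sid) -or $name -like '*\Domain Users')
            }
        }
    }
}

function Remove-ReceiveAsGrant {
    # Remove the explicit Allow Receive-As ACEs for one SID on one object.
    # Inherited ACEs cannot be removed here; go to the object that defines them
    # (the record's Inherited flag tells you whether to look further up).
    param([string]$ObjectDn, [string]$Sid)
    $entry = [ADSI]"LDAP://$ObjectDn"
    $acl   = $entry.psbase.ObjectSecurity
    foreach ($ace in $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.IdentityReference.Value -eq $Sid -and (Test-GrantsReceiveAs $ace)) {
            [void]$acl.RemoveAccessRule($ace)
        }
    }
    $entry.psbase.CommitChanges()
}

# Usage: list the grants to broad principals, then clean up at the defining level.
Find-ReceiveAsGrants | Where-Object { $_.Broad } |
    Format-Table Object, Principal, Inherited -AutoSize
```

Two caveats when reading the output. First, the script lists Allow ACEs only; Exchange 2003 also stamps Deny Receive-As ACEs at the organisation level (for example for Domain Admins and Enterprise Admins), and a Deny overrides an Allow for the same principal, so a listed grant is only effective if no Deny applies to that user. Second, the Exchange Domain Servers and Exchange Enterprise Servers groups legitimately hold Receive-As and will appear in the full listing; the Broad flag is there to separate the Everyone/Authenticated Users/Domain Users cases the thread is about from those expected entries.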
