We have an Exchange 2010 environment that seems to have some unwanted permission problems.
To explain, If I create 2 new users USER-A and USER-B (just standard domain users with mailboxes) they instantly have the ability to add each others mailbox to their own outlook client and view and delete each others objects.
I have checked the full access permissions for both the users and I cant see any groups there that would have granted the permission. For this test I even created a new mailbox database on one of the servers in case it was a permission set at the database level. It looks like the permission is being granted at a higher level somewhere.
I know the "receive as" permission also has the ability to grant this type of access, but I'm not sure how to check this permission.
Can someone help identify where 2 new users might have picked up this permission to open and view other mailboxes?
Thanks in advance