OWA - Authentication Problems
Posted 01 March 2005 - 04:38 PM
The user goes to http://www.server.com/exchange/ and then gets Windows Challenge Response for UserName & Pass (not the owa login screen - Problem 1) then it authenticates and takes the user to his mailbox no problem, but when this user John goes and change the http://www.server.com/exchange/john to another user paul" rel="nofollow" target="_blank">http://www.server.com/exchange/paul he can then send/receive as that user without re-authentication? The users got plain and simply Domain User/User rights and that's it? (Problem 2)
Posted 01 March 2005 - 06:24 PM
Anyway, since you said that you can easily change that in oulook, then they also have permission to do this in OWA. So, restrict their access in Exchange itself. I may be repeating myself, but, now I know this is an Exchange issue. Perhaps removing John and Paul from the Exchange admins group could help. Unless they are admins.
Hope this helps...if not, then I'll see if I can point you in the right direction.
Posted 01 March 2005 - 10:03 PM
Once again, this is just from the top of my head, last time I used exchange 2 years ago. If I remember correctly, you need to change the top level exchange tree for permissions. Ugh, to many years....
Posted 02 March 2005 - 06:41 AM