|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Exchange Information Store Security? Send As...
From: Stuart Fox (DSL AK) (StuartF
datacom.co.nz)
Date: Thu Jun 03 2004 - 00:04:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Why not? Because that user ID can then send a message as any user on the
Exchange server (e.g. your CEO). If you absolutely have to implement this,
ensure that that particular user is tightly locked down, can only log on to
specified machines (probably the servers and nothing else) and activity is
tightly audited.
> -----Original Message-----
> From: A. Bluecoat [mailto:abluecoathotmail.com]
> Sent: Thursday, 3 June 2004 9:23 a.m.
> To: focus-mssecurityfocus.com
> Subject: Exchange Information Store Security? Send As...
>
> Hey all,
> I have a user with an application and userID that needs Send
> As and Administer Information Store access on our Exchange
> servers. I've found one doc that advises against granting
> Send As to a single user but nothing real specific about why
> not - what are the risks? I understand it's best practice,
> but I've got pressure to give an example of "why not?" Any
> help is appreciated. Thanks.
>
> _________________________________________________________________
> Getting married? Find great tips, tools and the latest trends
> at MSN Life Events.
> http://lifeevents.msn.com/category.aspx?cid=married
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]