Microsoft KB Archive/253478
Article ID: 253478
Article Last Modified on 10/27/2006
- Microsoft Exchange Server 5.5 Standard Edition
This article was previously published under Q253478
The mailbox Default permissions may become out of synchronization with the permissions that are displayed in the shortcut menu for that mailbox. The shortcut menu permissions are displayed if you right-click a folder (for example, the Inbox or Calendar folders), click Properties in the shortcut menu, and then click the Permissions tab. If the Default permissions are displayed as None, this information may be inaccurate, and other mailboxes may be able to access the mailbox folders even though it appears that no permissions have been granted.
For example, on the mailbox of user A, the default permissions are out of synchronization on the Inbox folder of user A. Another user, user B, logs on to mailbox B; user B has not been granted any special rights. After user B logs on to mailbox B, if user B clicks Open on the File menu, clicks Other User's Folder, and then clicks the Inbox folder of user A, user B has full access to the Inbox folder of user A. This behavior appears to be a security hole, but it is not; the permissions settings for that folder allow user B to connect to the folder.
This article only applies if the Default permissions are the only permissions granted to a folder. Once multiple user permissions are granted, the issues becomes more complicated. However, the basics stay the same: if a user is not granted explicit permission to access a folder he can reset the default permission.
This article assumes that you know how to log on to mailboxes by using the Mdbvu32 utility.
After you log on to the appropriate mailbox by using the Mdbvu32 utility, select the folder in question. A Messaging Application Programming Interface (MAPI) field determines the default permissions of the folder that you have selected. Depending on the version of Mdbvu32 that you use, this field is displayed as one of the following:
Following this entry, the values that correspond to the mapped permissions are displayed. The following table contains the permissions that are associated with these values.
|Owner||=00 FB 05 00 00 00|
|Publishing Editor||=00 FB 04 00 00 00|
|Editor||=00 7B 04 00 00 00|
|Publishing Author||=00 9B 04 00 00 00|
|Author||=00 1B 04 00 00 00|
|Non-Editing Author||=00 13 04 00 00 00|
|Reviewer||=00 01 04 00 00 00|
|Contributor||=00 02 04 00 00 00|
To reset the permissions back to None, remove the None setting and allow the entry to repopulate. After you do this, no one can access the folders.
Keywords: kbinfo KB253478