Permissions get messy over time. Whether it’s in Exchange, SharePoint, the File System, Active Directory, or elsewhere, people will enter and leave the organization, change roles, and require different levels of access as time goes on. Exchange mailbox permissions offer a particular challenge because of multiple layers of access: permissions associated with mailboxes, delegate rights assigned, and even mailbox rights in Active Directory on the user’s account.
Multiple problems can result: Default and Anonymous access can be set incorrectly, default settings could have been changed, Stale and Zombie SIDs could be applied, or disabled accounts in AD could have been given access. Compounding the problem, effective rights are difficult to discern because of the various ‘gates’ that a person can use to get access.
Largely, the problem stems from the sheer amount of data, exacerbated by time and natural changes in personnel. It’s that same vast number of settings that makes it difficult to solve the problem in an environment; imagine finding an access issue that exists in 500 users’ accounts. Changing them one at a time could take days, and requires the use of precious IT resources.
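As an added example (not from the original post and not StealthAUDIT code), the read-only PowerShell below reports three of the anomalies listed above across every mailbox: unresolved SIDs, disabled AD accounts holding mailbox rights, and Default or Anonymous folder entries that differ from a baseline. It assumes an on-premises Exchange Management Shell with the ActiveDirectory module, a single domain, English folder names, and a baseline that you should replace with your own policy; delegate settings and AD-level mailbox rights are not covered.

```powershell
# Added example: read-only audit, makes no changes. Run in the Exchange Management Shell.
Import-Module ActiveDirectory

# Assumed baseline for the Default entry per folder; Anonymous is expected to be None.
$baseline = @{ 'Calendar' = 'AvailabilityOnly'; 'Inbox' = 'None' }

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $addr = $mbx.PrimarySmtpAddress

    # Mailbox-level rights that were explicitly granted (not inherited, not SELF/SYSTEM).
    $aces = Get-MailboxPermission -Identity $mbx.Identity | Where-Object {
        -not $_.IsInherited -and -not $_.Deny -and $_.User -notlike 'NT AUTHORITY\*' }

    foreach ($ace in $aces) {
        $trustee = $ace.User.ToString()
        $issue   = $null
        if ($trustee -like 'S-1-5-21-*') {
            # Exchange shows the raw SID when the account no longer resolves.
            $issue = 'Unresolved SID'
        }
        else {
            # Trustees appear as DOMAIN\name; groups return nothing from Get-ADUser.
            $sam  = $trustee.Split('\')[-1]
            $user = Get-ADUser -Filter "SamAccountName -eq '$sam'"
            if ($user -and -not $user.Enabled) { $issue = 'Disabled account' }
        }
        if ($issue) {
            [pscustomobject]@{ Mailbox = $addr; Scope = 'Mailbox'; Trustee = $trustee
                               Rights = ($ace.AccessRights -join ','); Issue = $issue }
        }
    }

    # Folder-level rights held by the two built-in principals.
    foreach ($folder in $baseline.Keys) {
        foreach ($principal in 'Default', 'Anonymous') {
            $perm = Get-MailboxFolderPermission -Identity "${addr}:\$folder" `
                        -User $principal -ErrorAction SilentlyContinue
            if (-not $perm) { continue }
            $actual   = $perm.AccessRights -join ','
            $expected = if ($principal -eq 'Default') { $baseline[$folder] } else { 'None' }
            if ($actual -ne $expected) {
                [pscustomobject]@{ Mailbox = $addr; Scope = $folder; Trustee = $principal
                                   Rights = $actual; Issue = "Expected $expected" }
            }
        }
    }
}

$findings | Export-Csv -Path .\mailbox-permission-findings.csv -NoTypeInformation
```

The resulting CSV has one row per anomaly, so it can be grouped by `Issue` to size the cleanup before any permissions are changed.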
A complete solution offers the option of making changes in bulk, based on data that exactly identifies an issue or anomaly. To learn how STEALTHbits can help solve the Exchange Mailbox Mess, check out StealthAUDIT for Exchange.