Error for some users when connecting to exchange server folders
IIS 5 security issue
CDO is installed on web server
Scenario:
In an asp page users are authenticated through the integrated windows method
a connection is made to a remote exchange server
"strProfileInfo = strServer & vblf & strMailbox
Set objSession = Server.CreateObject("MAPI.Session")
objSession.Logon , , , False, , True, strProfileInfo
Set objInfoStores = objSession.InfoStores"
Problem: this will only work if users are members of the Power User or
Administrator groups on the web server.
I am not very pleased with that, so may this be avoided?
David Wang 2007-06-11, 7:19 am
On Jun 10, 12:29 pm, hjpal <h...@post.tele.dk> wrote:
> IIS 5 security issue
> CDO is installed on web server
>
> Scenario:
>
> In an asp page users are authenticated through the integrated windows method
>
> a connection is made to a remote exchange server
>
> "strProfileInfo = strServer & vblf & strMailbox
> Set objSession = Server.CreateObject("MAPI.Session")
> objSession.Logon , , , False, , True, strProfileInfo
> Set objInfoStores = objSession.InfoStores"
>
> Problem: this will only work if users are members of the Power User or
> Administrator groups on the web server.
>
> I am not very pleased with that, so may this be avoided?
This does not look like an issue with IIS and not really a security
issue. Maybe the strProfileInfo access is restricted and you need to
look through documentation of MAPI.Session to determine requirements.
What if you run the script code on the command line with an interactive
logged-in user? Does that user need to be Power User/Administrator or
not?
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//