Security – Exchange 2010 allows outside access to network files

exchange-2010, file-sharing, security

One of our users discovered by accident he could access our network files from his smartphone while at home. No VPN needed. He was sent an email with an internal link to a network share on his Android. When he opened the email and clicked on the link, he could browse our files while at home.

Looking at the access logs, the connection to the share and files he accessed came from our mail server (Exchange 2010). We have no SharePoint servers running at all, and certainly not on the Exchange server.

What is this function/feature called, and is it possible to turn this function/feature off? Should I turn this off?

Best Answer

It's called "Computer File Access" or "Direct File Access", but I think this is only available through OWA, and not through other means (i.e. directly from the smartphone's built-in email client).

Direct file access lets users open files that are attached to e-mail messages and files that are stored in Windows file shares. You can manage direct file access for Microsoft Office Outlook Web App in Microsoft Exchange Server 2010 for both public and private computers.

By default, public computer direct file access is enabled for new installations and upgrades of Outlook Web App. Therefore, when users in your organization select "This is a public or shared computer" or "This is a private computer" on the Outlook Web App sign-in page, they will be able to access files that are attached to e-mail messages.

For details, see here: http://technet.microsoft.com/en-us/library/bb124232(v=exchg.141).aspx
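
An added example, not part of the answer above or of the linked Microsoft page: an Exchange Management Shell script that reports the OWA file-access settings on every OWA virtual directory and, on request, turns off access to Windows file share (UNC) links. The cmdlets and parameters are Exchange 2010's own; the `-DisableShareAccess` switch is a hypothetical name chosen for this script.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010).
# -DisableShareAccess is a hypothetical switch name used only by this script.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$DisableShareAccess
)

# OWA settings that decide what a user can open through the Client Access server:
#   UNCAccess*        - links to Windows file shares (the behaviour in the question)
#   WSSAccess*        - links to SharePoint document libraries
#   DirectFileAccess* - opening e-mail attachments directly
$flags = 'UNCAccessOnPublicComputersEnabled',
         'UNCAccessOnPrivateComputersEnabled',
         'WSSAccessOnPublicComputersEnabled',
         'WSSAccessOnPrivateComputersEnabled',
         'DirectFileAccessOnPublicComputersEnabled',
         'DirectFileAccessOnPrivateComputersEnabled'

$vdirs = Get-OwaVirtualDirectory

# Report the current state for every OWA virtual directory in the organization.
$vdirs | Select-Object -Property (@('Server', 'Name') + $flags) | Format-List

if ($DisableShareAccess) {
    foreach ($vdir in $vdirs) {
        # Honors -WhatIf / -Confirm passed to this script.
        if ($PSCmdlet.ShouldProcess($vdir.Identity, 'Disable file share (UNC) access in OWA')) {
            # Only the file share setting is changed; attachment handling
            # (DirectFileAccess*) and SharePoint links (WSSAccess*) are left as they are.
            Set-OwaVirtualDirectory -Identity $vdir.Identity `
                -UNCAccessOnPublicComputersEnabled  $false `
                -UNCAccessOnPrivateComputersEnabled $false
        }
    }

    # Show the file share settings again so the change can be verified.
    Get-OwaVirtualDirectory |
        Select-Object Server, Name, UNCAccessOnPublicComputersEnabled, UNCAccessOnPrivateComputersEnabled |
        Format-Table -AutoSize
}
```

Running the script with no switch only reports; adding `-DisableShareAccess -WhatIf` shows which virtual directories would be changed without changing them.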
