Error for some users ehrn connecting to exchange server folders -- iis security

hjpal
6/10/2007 9:29:24 PM

IIS 5 security issue
CDO is installed on web server

Scenario:

In an asp page users are authenticated throug the integrated windows method

a connection is made to a remote exchange server

"strProfileInfo = strServer & vblf & strMailbox
Set objSession = Server.CreateObject("MAPI.Session")
objSession.Logon , , , False, , True, strProfileInfo
Set objInfoStores = objSession.InfoStores"

Problem: this will only work if users are member of the Power User or
Administator groups on the web server.

I am not very pleased with that, so may this be avoided?

David Wang
6/11/2007 10:59:24 AM

[quoted text, click to view]

This does not look like an issue with IIS and not really a security
issue. Maybe the strProfileInfo access is restricted and you need to
look through documentation of MAPI.Session to determine requirements.

What if you run the script code on the commandline with an interactive
logged-in user. Does that user need to be Power User/Administrator or
not?

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

iis security : Error for some users ehrn connecting to exchange server folders