Parallels Desktop
Parallels Desktop 7 for Mac Run Windows applications without switching between Windows and Mac OS X! Best integration of Mac and Windows. Windows apps now work with Lion feaures, including Mission Control, Launch Pad, Resume, and all trackpad gestures. Supports Windows 7 Aero, with peformance even faster than before. Now runs OS X Server in a virtual machine!

"Parallels Desktop 7 beat VMware Fusion 4.0.2 in 74.9% of the general tests we ran, and Parallels was double the speed or more in almost a quarter of the top-level tests."
--MacTech Magazine

 

Deals from Amazon

Office 2011 for Mac
Now includes Outlook for Mac

Windows 7
Windows XP for your Mac, for running with Boot Camp, Parallels or VMware

MacDrive 8
Access your Mac OS X partition from
Boot Camp

The New Kindle
Smaller, lighter, faster
Only $139



Snow Leopard Tips and Reports

Outlook 2011 Tips and Reports

iPhone and Exchange Server Tips and Reports

Windows Servers and Macs


Windows on Mac

- Virtual PC 7.x
(PowerPC Macs




GoToMeeting - Online Meetings Made Easy

TIP: Outlook 2011 "security" issue and a precautionary measure

Thursday, June 16, 2011

Austin McCollum responded to our post about a possible security issue with Outlook 2011 Mac. He has seen the symptoms, but doesn't believe it's a real security issues and tells us why, describing the issue in detail. McCollum also describes how to verify that it is a security problem using Active Directory, and offers a precautionary change to make on Exchange Server. Here's his report:

I saw this forum entry because a recent customer brought up the same issue. I wanted to respond and let folks know that I think it is likely the Send on Behalf permission causing confusion. Turns out PFDAVadmin, Outlook on Mac and PC won't always have the publicDelegates permissions showing. However, if it turns out to really be sending as after verifying the AD properties, I'd like to know!

If someone thinks it's a genuine security issue, they should open a case with Microsoft to get it sorted out.

To ensure there are no additional permissions on the account that is able to send AS, run the following Exchange Management Shell command:

get-mailbox spoofedUserAlias | Get-ADPermission | where {($_.ExtendedRights -like "Send-As") -OR ($_.ExtendedRights -like "ms-Exch-EPI-may-impersonate") -or ($_.ExtendedRights -like "ms-Exch-EPI-Impersonation")}

Here's the behavior I found for Exchange 2007 SP3 and Outlook 2011 SP1.

E2k7native -- account sharing their calendar

E2k7calPF -- Mac Outlook 2011 user given reviewer permissions to E2k7native

When I gave only reviewer permissions to the calendar, I was able to craft an email as the shared calendar owner, but received the error here as expected.

When I gave the Mac Outlook user delegate permissions, I was able to craft and send a message as expected. However, in the Inbox message list, the From: shows e2k7native instead of the actual sender e2k7calPF. Only when viewing the headers or the message details can you tell it was sent by or sent on behalf of the real user [by design].

Here's what the message looks like from Outlook 2007:

And here are the Internet headers:

11:58:13 -0500
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: e2k7native <e2k7native@contoso.com>
To: E2k7calPF <E2k7PF@contoso.com>
Sender: E2k7calPF <E2k7PF@contoso.com>
Date: Thu, 9 Jun 2011 11:58:12 -0500
Subject: test as delegate
Thread-Topic: test as delegate
Thread-Index: AcwmxmqYllFYJ6QcQ9+LkMN9ARcjhg==
Message-ID: <CA161FB7.10%e2k7native@contoso.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <CA161FB7.10%e2k7native@contoso.com>
MIME-Version: 1.0

The real indicator will be to verify in Active Directory. To determine who has Send on Behalf permissions to a mailbox, view the mailbox owner's account object from ADSIedit and view the publicDelegates property. The distinguished name values there represent who can Send on behalf. If we verify this entry doesn't contain the Mac Outlook user, then please contact me so we can investigate further.

if you have verified this in Active Directory, or if you can add to this discussion.

Current news on the MacWindows home page

CrossOver 10 "Impersonator" runs Windows apps on a Mac--without Windows
Runs more Windows apps and installs them with 1 click. Office, Outlook support, Quicken, ActiveX in Internet Explorer and more, launched directly from the Finder -- just as if they were Mac apps.
CrossOver Games runs Left4Dead, Warcraft, Steam, Spore, and others on your Mac.

Starts at only $40 (and no need to buy Windows!) Free trial from CodeWeavers.
Click here for more.


Other MacWindows Departments

| Product Solutions | Reports and Tips | News Archives | Site Map |
|
MacWindows Home |

| Top of Page |

This site created and maintained by
Copyright 2011 John Rizzo. All rights reserved.