|
Posted by Segue on July 3, 2007, 1:39 am
Please log in for more thread options
Well, thank you for the effort - I do appreciate that. I guess I don't
have much choice but to remove WDS under the circumstances. Given WDS's
behavior, with it installed, there is literally no longer any purpose to
Outlook profile passwords, as all emails are an open book to anyone sitting
down at that machine whether Outlook is running or not.
Thanks again for trying. :)
>
> I did some asking around internally about this and generally the
> recommendation is to use multiple Windows user accounts if you are
> concerned about the security implications of this behavior. Windows
> Desktop Search bases its security around Windows user accounts and so any
> data which is accessible when logged on as that user account can be
> indexed.
>
> What actually happens is that WDS does only do indexing on the Outlook
> profile that is currently active, but the data is in the index is
> preserved {that's the whole point of the index - to make later searching
> faster} so later search results can be viewed when that profile is no
> longer in use. There isn't really a way of changing this behaviour save
> disabling Outlook indexing altogether.
>
> There's some more information in these links that discuss the different
> approaches to sharing Outlook data across multiple users and the relative
> security implications:
> http://office.microsoft.com/en-us/outlook/HA011110031033.aspx
> http://office.microsoft.com/en-us/outlook/HA011471581033.aspx
>
>
>
>>
>>
>> Indeed, there are multiple Outlook profiles being used by different
>> users on the same Windows log-on session. However, their data is
>> normally kept private via passwords on their Outlook profiles. Up until
>> now, this has been sufficient, but WDS has made that security feature
>> effectively moot. Even should a user shut down Outlook before stepping
>> away from their station, they still have no security as someone can
>> simply load WDS and gain access to all of their Outlook data. That's why
>> it's still a security issue.
>>
>> If there is no workaround for this, than I would strongly suggest
>> Microsoft address this issue, as it creates a very large vulnerability on
>> systems which have WDS installed.
>>
>>
>>
>>
>>> If you have multiple Outlook profiles and different users are using them
>>> from the same Windows log-on session then yes, in some cases all
>>> profiles will be searchable. But this wouldn't be regarded as a security
>>> issue because all of that profile data is accessible to all of the users
>>> through the filesystem. On the other hand if you have different Windows
>>> log-on accounts for different users, then the Outlook data will be
>>> completely separate for each user and you won't see search results from
>>> multiple users.
>>>
>>> Dave Wood
>>>
>>>
>>>
>>>> I have a question in regards to Windows Desktop Search 3.01 (on WinXP
>>>> Pro). The default behavior of this program seems to yield security
>>>> issues in regards to Outlook emails. When multiple users are using
>>>> Outlook 2007 on the same machine, seperated by Profiles - doing a
>>>> search in WDS comes up with results from all Outlook profiles. This is
>>>> a serious security issue.
>>>>
>>>> What I would like to know is this - is there any way to restrict WDS so
>>>> that it only comes up with Outlook results if Outlook is running, and
>>>> only for any Data Files the active profile has access to? This way,
>>>> when it comes to email results, people will only see results for data
>>>> files they have access to.
>>>>
>>>> Is this possible?
>>>>
>>>>
>>>
>>
>>
>
| 
XML Sitemap