You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your request related to a problem? Please describe.
A clear and concise description of what the problem is and the results it had on the environment.
Exchange can operate in 3 different permissions models and the healthchecker script should probably report which model is in use in an environment given the importance of that setting to overall domain security
Shared Permissions
RBAC Split Permissions
Active Directory Split Permissions
Describe The Request
A clear and concise description of the feature to add to a current tool or a new tool with what we all want to be checking with examples.
Given the risks of privilege escalation to Domain Admin inherent in the default Shared Permissions model it seems like its going to be increasingly important for Exchange deployments and admins to have better visibility to the attack paths currently enabled in their deployments
Additional context
Add any other context or screenshots about the feature request here.
Is your request related to a problem? Please describe.
A clear and concise description of what the problem is and the results it had on the environment.
Exchange can operate in 3 different permissions models and the healthchecker script should probably report which model is in use in an environment given the importance of that setting to overall domain security
Shared Permissions
RBAC Split Permissions
Active Directory Split Permissions
Describe The Request
A clear and concise description of the feature to add to a current tool or a new tool with what we all want to be checking with examples.
Given the risks of privilege escalation to Domain Admin inherent in the default Shared Permissions model it seems like its going to be increasingly important for Exchange deployments and admins to have better visibility to the attack paths currently enabled in their deployments
Additional context
Add any other context or screenshots about the feature request here.
reference: https://learn.microsoft.com/en-us/exchange/permissions/split-permissions/split-permissions?view=exchserver-2019
reference: https://adsecurity.org/?p=4119
The text was updated successfully, but these errors were encountered: