I was working on a subscribers PC today (logged in as them not admin). I tried to get to the http://server/saweb and it let me right in. I could change anyones phone extension/password or anything. This shouldn't be happening. I logged into the windows 98 computer as another user that didn't have VM and couldn't get to the saweb screen?
How can I tighten down security? I had opened a TAC case about 2 months ago regarding logging into SA. There was some problem and TAC worked for awhile fixing the security for SA but I am now curious if there is a hole in it. Obviously I don't want users to get to saweb. Is there something in Unity I change to block SA from everyone but admin or exchange admins? Or do we do this through windows security?