Details
This policy setting determines what restrictions apply to users who publish their calendars
on Office.com or third-party World Wide Web Distributed Authoring and Versioning
(WebDAV) servers. If you enable or disable this policy setting, calendars that are published
on Office.com must have restricted access (users other than the calendar owner/publisher
who wish to view the calendar can only do so if they receive invitations from the calendar
owner), and users cannot publish their calendars to third-party DAV servers. If you do not
configure this policy setting, users can share their calendars with others by publishing
them to the Office.com Calendar Sharing Services and to a server that supports the World
Wide Web Distributed Authoring and Versioning (WebDAV) protocol. Office.com allows
users to choose whether to restrict access to their calendars to people they invite, or allow
unrestricted access to anyone who knows the URL to reach the calendar. DAV access
restrictions can only be achieved through server and folder permissions, and might require
the assistance of a server administrator to set up and maintain. The recommended state for
this setting is- Enabled.
*Rationale*
By default, users can share their calendars with others by publishing them to the Microsoft
Office.com Calendar Sharing Services and to a server that supports the World Wide Web
Distributed Authoring and Versioning (WebDAV) protocol. Office.com allows users to
choose whether to restrict access to their calendars to people they invite, or allow
unrestricted access to anyone who knows the URL to reach the calendar. DAV access
restrictions can only be achieved through server and folder permissions, and might require
the assistance of a server administrator to set up and maintain. If a calendar is visible to
anyone on Office.com or third-party DAV servers, sensitive information might be revealed
contained in calendar appointments.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Enabled.
User ConfigurationAdministrative TemplatesMicrosoft Outlook 2010Outlook
OptionsPreferencesCalendar OptionsOffice.com Sharing ServiceAccess to published
calendars
Impact-Most users probably don’t want to make their calendars available to every user on
Office.com, so the effect will likely be minimal in most environments.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.