Configuring Security

Using Administrative Groups for Access Control

You can create administrative groups to define areas with specific access control. For example, if your organization has two distinct sets of administrators that manage two distinct sets of Exchange servers, you can create two administrative groups in Exchange (containing the servers), and two administrative groups in Active Directory (containing the groups, users, and computers who can administer each Exchange group). Then, using Exchange Administration Delegation Wizard, you can set administrative permissions on each administrative group. Active Directory will propagate these permissions to all the configuration objects defined within that administrative group.

An administrative group contains system policies, routing groups, public folder hierarchies, servers, and chat networks, some of which depend on the choices you make during installation. You can use the grouping of these services to restrict permissions. Unless Exchange 2000 is installed on an existing Exchange 5.5 organization, administrative groups are disabled in System Manager by default. To enable administrative groups, right-click the organization, click Properties, and then select the Display administrative groups check box.

Related Topics

Administrative Groups System Policies