Configuring Security


Permissions control access to Exchange objects. You should use the Exchange Administration Delegation Wizard to set permissions on organizations and administrative groups, and thus control access to the Exchange objects contained within the organization or administrative group. You can set permissions on some Exchange objects individually. These objects include public folder trees, address lists, MDBs, protocols, and servers. For these objects, Exchange uses and extends Active Directory permissions. Examples of Active Directory permissions are Read, Write, and List contents. Examples of extended Exchange permissions are Create public folder and View Information Store status. When looking at an object's permissions, Active Directory permissions are listed first, followed by Exchange extended permissions.

Permissions in Exchange are inherited by default. This means that permissions you apply to an object are inherited by the objects it contains. For example, if you set permissions on an administrative group, by default those permissions are inherited by the routing groups the administrative group contains. Inherited permissions are convenient because you do not have to manually set the permissions for every object in your Exchange organization.

You should set permissions on Exchange objects only through Exchange System Manager. You should not set permissions on Exchange objects through Windows 2000 MMC snap-ins, such as the Active Directory Sites and Services or Active Directory Users and Computers snap-ins.

This section contains the following topics:

Related Topics

Exchange Administration Delegation Wizard