Configuring Security

Set Permissions

Permissions control access to Exchange objects. Use the Exchange Administration Delegation Wizard to set permissions on organizations and administrative groups, and thus control access to the Exchange objects contained within the organization or administrative group. You can also set permissions on some Exchange objects individually. These objects include public folder trees, address lists, MDBs, protocols, and servers. For these objects, Exchange uses and extends Active Directory permissions. Examples of Active Directory permissions are Read, Write, and List contents. Examples of extended Exchange permissions are Create public folder and View Information Store status. When looking at an object's permissions, Active Directory permissions are listed first, followed by Exchange extended permissions.

Setting permissions on public folders, address lists, and MDBs keeps them secure from unauthorized changes or access. Setting permissions on servers and protocols also enables an administrator to customize SMTP authentication. For example, to support the exchange of authenticated messages between SMTP connectors in two organizations, the SMTP virtual server on each side must give the account used for authentication Send As rights. Without this additional permission, messages sent between the servers will be denied, because the server performs a check to see if the authentication account has permissions to send as the user who sent the mail. Rights set on the server or the Protocols container will be inherited by all protocols, but the administrator can also set the rights on the SMTP or X.400 protocol directly.

To set permissions on a public folder tree, address list, MDB, protocol, or server:

  1. Start System Manager
    On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. Navigate to the object.
  3. Right-click the object, click Properties, and then click the Security tab.
  4. In Name, select a user, computer, or group for which you want to set permissions. If you do not see the user, computer, or group in Name:
  5. Select Allow or Deny for each type of permission in Permissions.
  6. To remove a user, computer, or group from the Name, select the user, computer, or group, and then click Remove.
  7. To set additional security options, click Advanced.
  8. If you want the object to inherit permissions from the organization, administrative group, or routing group that contains it, select the Allow inheritable permissions from parent to propagate to this object check box, or click to clear the check box if you do not want permissions inherited. By default, the check box is selected.

Related Topics

Set Advanced Permissions Exchange Administration Delegation Wizard Permissions Understanding Extended Permissions