Permissions control access to Exchange objects. Use the Exchange Administration Delegation Wizard to set permissions on organizations and administrative groups, and thus control access to the Exchange objects contained within the organization or administrative group. You can also set permissions on some Exchange objects individually. These objects include public folder trees, address lists, MDBs, protocols, and servers. For these objects, Exchange uses and extends Active Directory permissions. Examples of Active Directory permissions are Read, Write, and List contents. Examples of extended Exchange permissions are Create public folder and View Information Store status. When looking at an object's permissions, Active Directory permissions are listed first, followed by Exchange extended permissions.
Setting permissions on public folders, address lists, and MDBs keeps them secure from unauthorized changes or access. Setting permissions on servers and protocols also enables an administrator to customize SMTP authentication. For example, to support the exchange of authenticated messages between SMTP connectors in two organizations, the SMTP virtual server on each side must give the account used for authentication Send As rights. Without this additional permission, messages sent between the servers will be denied, because the server performs a check to see if the authentication account has permissions to send as the user who sent the mail. Rights set on the server or the Protocols container will be inherited by all protocols, but the administrator can also set the rights on the SMTP or X.400 protocol directly.
To set permissions on a public folder tree, address list, MDB, protocol, or server:
- OR -
Related TopicsSet Advanced Permissions Exchange Administration Delegation Wizard Permissions Understanding Extended Permissions