File Access Control Lists: Back-End Server
The following table lists the recommended file access control list (ACL) permission settings (the Exchange_2003-Backend_V1_1.inf file configures these settings automatically).
Directory | Old ACL | New ACL | Applied to subdirectories? |
---|---|---|---|
%systremdrive%\Inetpub\mailroot |
Everyone:
|
Administrators:
Local System:
|
Yes |
%systremdrive%\Inetpub\nntpfile\ |
Everyone:
|
Administrators:
Local System:
|
Yes |
%systremdrive%\Inetpub\nntpfile\ root |
Everyone:
|
Everyone:
|
Yes |
%ProgramFiles%\exchsrvr\ |
Administrators:
Users:
Server Operators:
|
Administrators:
Local System:
Server Operators:
|
All – except ADDRESS, OMA, BIN, EXCHWEB,and RES subdirectories |
%ProgramFiles%\exchsrvr \OMA \ADDRESS \BIN \EXCHWEB \RES |
Administrators:
Users:
Server Operators:
|
Administrators:
Local System:
Users:
Server Operators:
|
Yes |
Note
The settings defined on the nntpfile directory and subdirectories are not strictly required unless NNTP is configured to run on the server. However, the setting is defined in the Exchange_2003-Backend_V1_1.infsecurity template because it increases restrictions on the file system and is ready to use in case you want to enable NNTP at a later time.
Note
Additionally, if you install Exchange in a directory other than %programfiles%\exchsrvr then you will need to modify the INF files and change the path accordingly.