Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

Required Permissions to Manage Client Access

 

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007

Topic Last Modified: 2006-09-20

To perform administrative tasks on a computer that is running Microsoft Exchange Server 2007 that has the Client Access server role installed, you must have the required permissions for the user account that you are using to log on. Administrative tasks can be delegated or assigned to users by using Exchange 2007 administrative roles.

Table 1 summarizes the minimum permissions that are required to perform administrative tasks on a Client Access server.

Table 1   Client Access administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

Get-CASMailbox

 

 

X

 

Set-CASMailbox

 

 

X

 

Get-ClientAccessServer

 

 

 

X

Set-ClientAccessServer

X

 

 

 

New-WebServicesVirtualDirectory

X

 

 

 

Get-WebServicesVirtualDirectory

X

 

 

 

Remove-WebServicesVirtualDirectory

 

X

 

 

Set-WebServicesVirtualDirectory

 

X

 

 

New-AutodiscoverVirtualDirectory

X

 

 

 

Remove-AutodiscoverVirtualDirectory

X

 

 

 

Table 2 summarizes the minimum permissions that are required to perform administrative tasks for Exchange ActiveSync.

Table 2   Exchange ActiveSync administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

Remove-ActiveSyncDevice

 X

Clear-ActiveSyncDevice

X

New-ActiveSyncVirtualDirectory

X

Remove-ActiveSyncVirtualDirectory

X

Get-ActiveSyncVirtualDirectory

X

Set-ActiveSyncVirtualDirectory

X

Get-ActiveSyncDeviceStatistics

X

Get-ActiveSyncMailboxPolicy

X

New-ActiveSyncMailboxPolicy

X

Set-ActiveSyncMailboxPolicy

X

Remove-ActiveSyncMailboxPolicy

X

Export-ActiveSyncLog

X

Test-ActiveSyncConnectivity

X

Table 3 summarizes the minimum permissions that are required to perform administrative tasks for Microsoft Office Outlook Web Access.

Table 3   Outlook Web Access administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

New-OwaVirtualDirectory

X

Get-OwaVirtualDirectory

X

Set-OwaVirtualDirectory

X

Remove-OwaVirtualDirectory

X

Table 4 summarizes the minimum permissions that are required to perform administrative tasks for POP3 and IMAP4.

Table 4   POP3 and IMAP4 administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

Get-POPSettings

X

Set-POPSettings

X

Get-IMAPSettings

X

Set-IMAPSettings

X

importantImportant:
Logging on to a computer by using full administrative credentials may pose a security risk to the computer and network. Therefore, as a security best practice, do not log on to a computer by using full administrative credentials when you want to perform routine administrative tasks. Instead, you can use the Secondary Logon service or the Run as command to start applications or additional commands in a different security context without having to log off the computer. The Run as command prompts you to enter different credentials before the application or command can run. For more information about the Run as command, see Using Run as in the Windows Server 2003, Standard Edition online Help.

For more information about how to configure permission in Exchange 2007, see Configuring Permissions.

For more information about permission considerations in Exchange 2007, see Permission Considerations.

To ensure that you are reading the most up-to-date information and to find additional Exchange Server 2007 documentation, visit the Exchange Server TechCenter.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.