Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Required Permissions to Manage Client Access

This is pre-release documentation and subject to change in future releases. [This topic's current status is: Revising Per Copy Edits.]

Applies to: Exchange Server 2010 SP1 Topic Last Modified: 2010-01-18

To perform administrative tasks on a computer running Microsoft Exchange Server 2010 that has the Client Access server role installed, you must have the required permissions for the user account that you're using to log on. Administrative tasks can be delegated or assigned to users by using Exchange 2010 administrative roles.

The following table summarizes the minimum permissions required to perform administrative tasks on a Client Access server.

Client Access administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

Get-CASMailbox

 

 

X

 

Set-CASMailbox

 

 

X

 

Get-ClientAccessServer

 

 

 

X

Set-ClientAccessServer

X

 

 

 

New-WebServicesVirtualDirectory

X

 

 

 

Get-WebServicesVirtualDirectory

X

 

 

 

Remove-WebServicesVirtualDirectory

 

X

 

 

Set-WebServicesVirtualDirectory

 

X

 

 

New-AutodiscoverVirtualDirectory

X

 

 

 

Remove-AutodiscoverVirtualDirectory

X

 

 

 

The following table summarizes the minimum permissions required to perform administrative tasks for Microsoft Exchange ActiveSync.

Exchange ActiveSync administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

Remove-ActiveSyncDevice

X

 

 

 

Clear-ActiveSyncDevice

X

 

 

 

New-ActiveSyncVirtualDirectory

X

 

 

 

Remove-ActiveSyncVirtualDirectory

X

 

 

 

Get-ActiveSyncVirtualDirectory

 

 

 

X

Set-ActiveSyncVirtualDirectory

X

 

 

 

Get-ActiveSyncDeviceStatistics

 

X

 

 

Get-ActiveSyncMailboxPolicy

 

X

 

 

New-ActiveSyncMailboxPolicy

X

 

 

 

Set-ActiveSyncMailboxPolicy

X

 

 

 

Remove-ActiveSyncMailboxPolicy

X

 

 

 

Export-ActiveSyncLog

 

 

X

 

Test-ActiveSyncConnectivity

 

X

 

 

The following table summarizes the minimum permissions required to perform administrative tasks for Outlook Web App. 

Outlook Web App administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

New-OwaVirtualDirectory

X

Get-OwaVirtualDirectory

X

Set-OwaVirtualDirectory

X

Remove-OwaVirtualDirectory

X

The following table summarizes the minimum permissions required to perform administrative tasks for Outlook Anywhere.

Outlook Anywhere administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

Disable-OutlookAnywhere

 

X

 

 

Enable-OutlookAnywhere

 

X

 

 

Get-OutlookAnywhere

 

 

 

X

Set-OutlookAnywhere

 

X

 

 

The following table summarizes the minimum permissions required to perform administrative tasks for POP3 and IMAP4.

POP3 and IMAP4 administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

Get-POPSettings

X

Set-PopSettings

X

Get-IMAPSettings

X

Set-ImapSettings

X

Bb124319.note(en-us,EXCHG.141).gifImportant:
Logging on to a computer by using full administrative credentials may pose a security risk to the computer and network. Therefore, as a security best practice, don't log on to a computer by using full administrative credentials when you want to perform routine administrative tasks. Instead, you can use the Secondary Logon service or the Run as command to start applications or additional commands in a different security context without having to log off of the computer. The Run as command prompts you to enter different credentials before the application or command can run. For more information about the Run as command, see Using Run as in the Windows Server 2003, Standard Edition online Help.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.