Setting Server-Specific Permissions


Topic Last Modified: 2005-04-22

Permissions control access to Exchange objects. You can set permissions on some Exchange objects individually. These objects include public folder trees, address lists, mailbox stores, protocols, and servers. For these objects, Exchange uses and extends Active Directory permissions. Examples of Active Directory permissions are Read, Write, and List contents. Examples of extended Exchange permissions are Create public folder and View Information Store status. When you view an object's permissions, Active Directory permissions appear first in the list, followed by Exchange extended permissions.

Permissions in Exchange are inherited by default. For example, the permissions that you apply to a particular server are inherited by the objects that the server contains, such as the public folder and mailbox stores on that server. Inherited permissions are convenient because you do not have to set the permissions for every object in your Exchange organization manually.

When setting permissions on Exchange objects, use Exchange System Manager. Do not set permissions on Exchange objects using Windows Server 2003 MMC snap-ins, such as the Active Directory Sites and Services or Active Directory Users and Computers.

You can set permissions using the Exchange Delegation Wizard and apply these settings to a whole Exchange organization or to a specific administrative group. Because permissions are inherited, these permissions control who can view or modify settings at the server level. By default, these permissions are configured to support the standard Exchange administrator types (Exchange View Only Administrator, Exchange Administrator, and Exchange Full Administrator). You are strongly advised to use the standard Exchange administrator types and only change the settings if more detailed settings are required by your organization's security policy.

Security tab

For more information about the Exchange Delegation Wizard, see "Understanding Exchange Objects and Exchange System Manager."

For detailed instructions on modifying server-specific permissions, see How to Modify Permissions on a Specific Server.