Maintaining the Minimum Permissions Required for Mailbox Stores and Public Folder Stores

  • Article

 

If you modify the default permissions on Exchange Server 2003 mailbox stores and public folder stores, make sure you maintain the following minimum permissions:

  • Administrators group   Full Control

  • Authenticated Users group   Read and Execute, List Folder Contents, and Read

  • Creator Owner   None

  • Server Operators group   Modify, Read and Execute, List Folder Contents, Read, and Write

  • System account   Full Control

You may experience difficulties in mounting the mailbox stores or public folder stores if you do not maintain these permissions for these groups and accounts. The following error messages and events indicate that the accounts and groups in the previous list do not have the correct permissions:

  • An internal processing error has occurred. Try restarting Exchange System Manager or the Microsoft Exchange Information Store service, or both.

  • MAPI or an unspecified service provider. ID no: 00000476-0000-00000000.

  • Information Store (2520) An attempt to determine the minimum I/O block size for the volume "[drive:\]" containing "[drive:\]Exchsrvr\Mdbdata\" failed with system error 5 (0x00000005): "Access is denied." The operation will fail with error –1032 (0xfffffbf8).

  • Error 0xfffffbf8 starting Storage Group [dn of storage group] on the Microsoft Exchange Information Store.

  • The MAPI call 'OpenMsgStore' failed with the following error: The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance. The MAPI provider failed. Microsoft Exchange Server Information Store ID no: 8004011d-0526-00000000.

Problems may occur when mounting public folder stores if you have cleared the Allow inheritable permissions from parent to propagate to this object option for the public folder hierarchy. The following error messages indicate that you have cleared this option:

  • The store could not be mounted because the Active Directory information was not replicated yet.

  • The Microsoft Exchange Information Store service could not find the specified object. ID no: c1041722

For detailed steps about how to restore the permissions that Exchange requires, see"How to Restore the Permissions that Exchange Requires".