Secure Messaging with Microsoft Exchange Server 2000

2017-07-07 02:10:07

Permissions listed in this section are applied to objects contained in the Exchange configuration container or its children. The configuration container’s AD path is cn=Microsoft Exchange, cn=Services, cn=Configuration, dc=domain.

Table B-1: Permissions granted to objects in the Microsoft Exchange container
Account	Allow	Deny	Inherit	Right	On Property
During ForestPrep phase
Authenticated Users				ACTRL_DS_LIST \| ACTRL_DS_READ_PROP
Designated admin account				DS_AM_FULL_CONTROL
During server install
Exchange Domain Servers				STANDARD_RIGHTS_READ \| ACTRL_DS_READ_PROP \| ACTRL_DS_LIST
During ADC setup
Exchange Services				DS_AM_FULL_CONTROL

Table B-2: Permissions granted on the ADC Connection Agreement container
Account	Allow	Deny	Inherit	Right	On Property
During server install
Exchange Domain Servers				DS_AM_FULL_CONTROL

Table B-3: Permissions granted on the Organization container
Account	Right	On Property/ Applies To
During ForestPrep phase
Authenticated Users	ACTRL_DS_LIST_OBJECT \| ACTRL_DS_READ_PROP
Designated admin account	Send-As
Designated admin account	Receive-As
During server install
“Enterprise Admins”	Send-As
“Enterprise Admins”	Receive-As
“Domain Admins” of root domain	Send-As
“Domain Admins” of root domain	Receive-As
Everyone	ms-Exch-Create-Top-Level- Public-Folder
Everyone	ms-Exch-Create-Public- Folder
Everyone	ms-Exch-Store-Create- Named-Properties
Everyone	STANDARD_RIGHTS_READ \| ACTRL_DS_READ_PROP \| ACTRL_DS_LIST \| ACTRL_LIST_OBJECT	Applies to object class: msExchPrivateMDB
Everyone	STANDARD_RIGHTS_READ \| ACTRL_DS_READ_PROP \| ACTRL_DS_LIST \| ACTRL_LIST_OBJECT	Applies to object class: msExchPublicMDB
Everyone	STANDARD_RIGHTS_READ \| ACTRL_DS_READ_PROP \| ACTRL_DS_LIST \| ACTRL_LIST_OBJECT	Applies to object class: mTA
Exchange Domain Servers	DS_AM_CONTROL_ACCESS(i.e., all extended rights)
Exchange Domain Servers	ACTRL_DS_CREATE_CHILD
Exchange Domain Servers	ACTRL_DS_WRITE_PROP	Public- Information(property set)
Exchange Domain Servers	ACTRL_DS_WRITE_PROP	Personal- Information (property set)
Exchange Domain Servers	DS_AM_FULL_CONTROL	Applies to object class: siteAddressing
When enabling an SRS (ACE is removed when SRS is disabled)
MACHINE$	ACTRL_DS_LIST_OBJECT \| ACTRL_DS_CREATE_CHILD\| ACTRL_DS_DELETE_CHILD

Table B-4: Permissions granted on the Address Lists container
Account	Allow	Deny	Inherit	Right	On Property
During server install
Authenticated Users				ACTRL_DS_LIST

Table B-5: Permissions granted on the Addressing container
Account	Allow	Deny	Inherit	Right	On Property
During server install
Authenticated Users				STANDARD_RIGHTS_READ \| ACTRL_DS_READ_PROP \| ACTRL_DS_LIST

Table B-6: Permissions set on the Recipient Update Services container
Account	Allow	Deny	Inherit	Right	On Property
During server install
Exchange Domain Servers				DS_AM_FULL_CONTROL

Table B-7: Permissions set on individual administrative groups within the Administrative Groups container
Account	Allow	Deny	Inherit	Right	On Property
During server install (set on attribute msExchPFDefaultAdminACL)
Authenticated Users				Ms-Exch-Create-Public- Folder

Table B-8: Permissions set on the default top-level public folder hierarchy
Account	Allow	Deny	Inherit	Right	On Property
During server install (set on attribute msExchPFDefaultAdminACL)
Authenticated Users				Ms-Exch-Create-Public-Folder

Table B-9: Permissions set on the CA container
Account	Allow	Deny	Inherit	Right	On Property
During KMS install
MACHINE$				DS_AM_FULL_CONTROL
Authenticated Users				STANDARD_RIGHTS_READ \| ACTRL_DS_READ_PROP

Table B-10: Permissions set on the Connections container within each routing group
Account	Allow	Deny	Inherit	Right	On Property
During server install
Exchange Domain Servers				DS_AM_FULL_CONTROL

Категории