Secure Messaging with MicrosoftВ® Exchange Server 2003 (Pro-Other)

2017-07-07 02:10:07

Permissions listed in this section are applied to objects in the domain naming context.

Table B-18: Permissions Set on the Domain Container (dc= domain )
Account	Allow/Deny	Inherit	Right	Notes
During domainprep
Exchange Enterprise Servers	Allow	Yes	Write Property	Applied to Public-Information (property set); allows maintenance of mail- enabled user attributes
Exchange Enterprise Servers	Allow	Yes	Write Property	Applied to Personal-Information (property set)
Exchange Enterprise Servers	Allow	Yes	Write Property	Applied to groupType property set
Exchange Enterprise Servers	Allow	Yes	Write Property	Applied to displayName property
Exchange Enterprise Servers	Allow	Yes	Manage Replication Topology	Allows RUS to track replication changes
Exchange Enterprise Servers	Allow	Yes	List Contents	Duplicates permissions granted to Pre-Windows 2000 “compatible access group
Exchange Enterprise Servers	Allow	Yes	Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_OBJECT	Applies to user objects
Exchange Enterprise Servers	Allow	Yes	Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_OBJECT	Applies to group objects
Exchange Enterprise Servers	Allow	Yes	Modify Permissions	Applies to group objects; allows maintenance of ACLs for groups whose membership is hidden
During domainprep against a Windows Server 2003 schema
Exchange Enterprise Servers	Allow	Yes	Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_OBJECT	Applies to inetOrgPerson objects

Table B-19: Permissions Set on the Domain Proxy Container (cn=Microsoft Exchange System Objects,dc= domain )
Account	Allow/ Deny	Inherit	Right	Notes
During domainprep
Exchange Enterprise Servers	Allow	Yes	Full Control	Allows adding, deleting, and modifying proxy objects
Exchange Domain Servers	Allow	Yes	Full Control	Allows adding, deleting, and modifying proxy objects
Authenticated Users	Allow	Yes	Read Permissions	Allows access to public folder objects
Authenticated Users	Allow	Yes	Read Property	Applies to garbageCollPeriod property
Authenticated Users	Allow	Yes	Read Property	Applies to adminDisplayName property
Authenticated Users	Allow	Yes	Read Property	Applies to modifyTimeStamp
During domainprep
Authenticated Users	Allow	Yes	Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_OBJECT
During RUS operation
All delegated Full Administrators at organization and administrative group levels	Allow	Yes	Full Control
All delegated Full Administrators at organization and administrative group levels	Allow	Yes	Read PermissionsList ContentsAll Validated WritesRead All PropertiesWrite All PropertiesCreate All Child ObjectsDelete All Child Objects
All delegated org-level and admin- group-level View-Only Admins	Allow	Yes	Read PermissionsRead All PropertiesList ContentsACTRL_DS_LIST_ OBJECT

Table B-20: Permissions Set on the Pre-Windows 2000 “Compatible Access Group (cn=Pre-Windows 2000 Compatible Access, cn=Builtin, dc= domain )
Account	Allow/Deny	Inherit	Right	Notes
During domainprep
Exchange Enterprise Servers	Allow	Yes	Write Property	Applies only to member property; RUS needs this to add Exchange Domain Servers to each domain s pre-Windows 2000 group

Table B-21: Permissions Set on the Exchange Enterprise Servers Group
Account	Allow/Deny	Inherit	Right	Notes
During domainprep
All existing organization- level Full Exchange Admins	Allow		Full Control	Administrators must be able to add or remove machine accounts when running Setup
Exchange Enterprise Servers	Allow		Full Control
During RUS operation
All delegated organization-level Exchange Full Admins	Allow	Yes	Full Control

Table B-22: Permissions Set on the Exchange Domain Servers Group
Account	Allow/Deny	Inherit	Right	Notes
During domainprep
All existing organization- level Full Exchange Admins	Allow		Full Control	Administrators running Setup must be able to change group membership
Exchange Enterprise Servers	Allow		Full Control
During RUS operation
All delegated organization-level Exchange Full Admins	Allow	Yes	Full Control

Категории

Search