Inherited permission in Exchange 2003
Hi guys,Guyshow can I removed the inherited permission from the server or mailbox level in Exchange 2003 server? Can I remove the Enterprise Admin and Forest Admin groups from them also? can we do it from the Server or Mailbox security property tab? What is the best way. Thanks in advance.
July 16th, 2008 1:42am
Hi Zali,
This is a loaded question. Technically you can do this however you need to be very carefull if you do because things could break also if you call MS for support on a problem they may have you add the permissions back in once they realize that the default permissions have been changed.
Thanks
Will
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2008 3:31pm
Thanks Will. So you think is there any better way of doing that. We just need to secure our 2nd Exchange server and want to revoked some of the administrators rights from that server. Although we have added that server into a separate administrative groups but some of the administrative accounts have exchange organization level admin control and we cannot removed them from there due to some services. Thanks in advance.
July 16th, 2008 8:27pm
Hi,
To remove the permission of the organization level is not recommended since it will affect the service that Exchange provides.
Thus, I dont recommend to break the current rule. If you need to minimize the permission of the administrator, please try the following steps.
Open ESM, right click First Organization, select Delegate Control, then edit the role of the account, select Exchange View Only Administrator.
Hope that is useful.
Thanks
Allen
Free Windows Admin Tool Kit Click here and download it now
July 17th, 2008 11:54am