I would like information regarding minimum mailbox rights for users who use Outlook both internal and external (pop) and OWA. I want to make sure that our server is as secure as possible. Rick

Have you run the exchange best practices analyzer? (exbpa) You can get it from microsoft.com/downloads . The tool has ahealth check as well as a permissions check for your exchange org.

Thanks for the information. I will try it out!

You really can't lock down particular features of a mailbox for the person that owns it. They either own the mailbox or they don't. You need to focus on securing your perimeter. Here are a few hints: Apply the latest service packs and updates for Exchange and Windows Disable POP3 and require your users to OWA via HTTPS. Implement a reverse proxy server (such as an ISA Server). Put in a separate SMTP message hygiene system in your perimeter network Require strong passwords from all of your users. Make sure that no ports on the Exchange server are directly accessible from the Internet (after you implement a reverse proxy and an SMTP message hygiene system.) Reduce the number of adminsitrators you have in Domain Admins and Administrators and ensure that those accounts have strong passwords. These are just a few things, but they are good starting points for making sure you are not a "low hanging" fruit on the hacker's tree.