Restricting users from creating top-level folders in Exchange 2000 Server (256131)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q256131

SUMMARY

By default, all users of Microsoft Exchange 2000 Server have permission to create top-level folders. You can set this extended right on the Security page of the properties of the organization container.

MORE INFORMATION

If you do not want to grant all users the permission to create top-level public folders, modify the permissions as follows:
  1. Open the properties of the Organization object, and then click the Security tab.

    NOTE: In order to display the Security Tab, you have to add the following registry entry:

    Open Regedt32.

    HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin

    Click Edit, add Value, and then click DWORD value in the file menu.

    Type the value:

    ShowSecurityPage

    and set the value to 1
  2. Click to clear the "allow" permission on the Everyone security principal for the "Create Top Level Public Folder" right.
NOTE: When a new Exchange server is added to an organization, the Everyone Security Principle permission to Create Top Level Public Folder is reset to "allow". Thus, after any new Exchange install into an Organization, you must click to clear the "Create Top Level Public Folder" right for Allow.

NOTE: Some rights take precedence over others. Specifically, "deny" has precedence over "allow," and "explicit permissions" has precedence over "inherited rights."

This behavior is consistent with Microsoft Exchange Server versions 4.x and 5.x. Everyone has the rights to create top-level folders by default.
Modification Type:MinorLast Reviewed:4/25/2005
Keywords:kbhowto KB256131
©2004 Microsoft Corporation. All rights reserved.