Unable to set client permissions on public folders through Exchange System Manager (270905)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q270905

SYMPTOMS

When you are editing client permissions in Exchange System Manager, you may receive the following error message when you try to save the new permissions:
Invalid Window Handle
ID no: 80040102
Exchange System Manager

CAUSE

Although you can use Exchange System Manager, Microsoft Outlook, or Microsoft Windows Explorer for Microsoft Windows 2000 to set the security level on public folders in the Exchange 2000 public folder hierarchy, the tools are not interchangeable.

They are not interchangeable because Windows Explorer uses the Windows 2000 access control list (ACL) format to set security permissions on the MAPI public folder hierarchy, whereas Exchange System Manager and Outlook use the MAPI ACL format.

Exchange Web Storage System can correctly interpret both ACL formats, but the tools are not interchangeable. For this reason, only use Exchange System Manager when you are editing security on the MAPI public folder hierarchy. This behavior does not exist on general purpose or application folder hierarchies. For example, if you originally use Windows Explorer to set permissions on a public folder, and then try to use Outlook or Exchange System Manager to change the settings, you cannot change public folder security until you complete the steps provided in the "Resolution" section of this article. Then only use Outlook or Exchange System Manager to set ACLs on public folders.

RESOLUTION

If the folder in question is a subfolder of the Public Folders folder (Public Folders\Top_Level_Folder), complete the following steps on Top_Level_Folder so that you can use Exchange System Manager to modify permissions.

Note If you reset the permissions on a folder that is not a top-level folder of the Public Folders folder (Public Folders\Top_Level_Folder), you must reset the permissions on all the folders that are above this folder.


Important Make sure that you perform the procedure on a public folder and not the public folder tree. The public folder tree is called Public Folders by default and it is differentiated from normal public folders by a tree symbol in Exchange System Manager. To allow ACLs to be set in Exchange System Manager:
  1. Record the permissions in the Client permissions view in Exchange System Manager.

    You must do so because after you perform this procedure, the only permissions that remain are Default and Anonymous (none).
  2. In Windows Explorer, right-click the appropriate folder, and then click Properties.
  3. Click Advanced, click the Owner tab, and then make sure that the current account has owner rights to the folder.

    The available names of owners appear in the Change owner to dialog box. That folder will become inaccessible after the following steps if the Current owner of this item dialog box is empty or contains an account that is not valid.
  4. On the Security tab, in the Name box, click any accounts that have explicitly-granted permissions, and then click Remove.

    Repeat this step for all accounts to remove any accounts that are explicitly added to this folder.
  5. Click to clear the Allow inheritable permissions from parent to propagate to this object check box, and then click Remove on the Confirmation dialog box. This removes all accounts that have inherited rights at this level.
  6. To save the changes, click OK, and then click Yes when a dialog box with the following message appears: You have denied everyone access to folder. No one will be able to access folder and only the owner will be able to change permissions. Do you wish to continue?"
  7. In Windows Explorer, right-click the folder again, and then click Properties
  8. On the Security tab, click to select the Allow inheritable permissions from parent to propagate to this object check box.
  9. To save the changes, click OK.
  10. In Exchange System Manager, re-add the Client permissions that you recorded in Step 1 to the folder.
If the folder in question is a second level folder of the Public Folders folder (Public Folders\Top_Level_Folder\Second_Level_Folder), complete the following steps so that you can use Exchange System Manager to modify permissions:
  1. Complete the steps above for Top_Level_Folder.
  2. Complete the steps above for Second_Level_Folder.

STATUS

This behavior is by design.
Modification Type:MinorLast Reviewed:4/28/2005
Keywords:kberrmsg kbprb KB270905
©2004 Microsoft Corporation. All rights reserved.