XADM: How to Prevent Inherited Permissions on Public Folders for All Users (295599)

MORE INFORMATION

When you use Exchange 2000, All Users have the permission to create top-level folders by default and this permission is inherited from the Organization object. This behavior is consistent with previous versions of Microsoft Exchange Server.

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To prevent All Users from inheriting the permission to create top-level public folders, or the permission to create any public folders, perform the following procedure to modify the permissions:

Open ADSI Edit from the Windows 2000 Support Tools, and locate the following item:

1. To locate this item, click to expand each of the following objects:

   Configuration Container [Computer.Domain.Com]
   CN=Configuration, DC=(YourDomainController),DC=com
   CN=Services
   CN=Microsoft Exchange
   CN=(YourOrganization)

2. Right-click CN=(YourOrganization) to locate the properties, and then click the Security tab.
3. Under Names, click the Everyone group.
4. Under Permissions, click to clear the Allow check box, for the Create top level public folder permission.
5. To prevent the users from inheriting the Create Public Folders permission, click to clear the Allow check box, for the Create Public Folders permission.
6. Click Apply, and then click OK.
7. On the Console menu, click Exit.

You can grant explicit rights to any individual user or group on the parent folder or public folder tree that you choose.