SUMMARY
By default, Exchange 2000 Setup installs Exchange 2000 to
the Program Files folder, which has tighter permissions than the rest of the
file system. However, if a user installs Exchange 2000 in a location other than
the Program Files folder, the installation folder inherits permissions from
that location. Typically, this grants Full Control permissions to that
location.
By default, Microsoft Windows 2000 and Windows .NET inherit
the following permissions from the Program Files folder:
- Local Administrator, System, and Creator Owner inherit Full
Control permissions.
- Terminal Server users and power users inherit Modify
permissions.
- Users inherit Read and Execute permissions.
If Exchange 2000 is installed in another location, permissions
can be modified in the ExchSrvr folder to match the permissions that would have
been inherited from the Program Files folder.
Additionally, Exchange
2000 Setup opens permissions in the Mailroot folder to permit certain
Collaboration Data Object (CDO) calls to work. However, these permissions allow
the server's Simple Mail Tranfer Protocol (SMTP) queues to be viewed by
everyone.
After permissions are restricted, if you require CDO
functionality, you must modify permissions on the Mailroot folder and the
appropriate subfolders. To open the Mailroot folder and permit CDO calls, apply
at least the following permissions:
- Write access to the Pickup folder
- Read access to the Drop folder