Note - In previous versions of Outlook, when security settings were published in a form in Exchange Server public folders, users who needed these settings required the HKEY_CURRENT_USER\Software\Policies\Microsoft\Security\CheckAdminSettings registry key to be set on their computers for the settings to apply. If you disable or do not configure this policy setting, Outlook users can configure security for themselves, and Outlook ignores any security-related settings that are configured in Group Policy.
Important - You must enable this policy setting if you want to apply the other Outlook security policy settings mentioned in this guide. * Use Outlook Security Group Policy - Outlook uses security settings from Group Policy. * Use Security Form from 'Outlook 10 Security Settings' Public Folder - Outlook uses the settings from the security form published in the designated public folder. * Use Security Form from 'Outlook Security Settings' Public Folder - Outlook uses the settings from the security form published in the designated public folder. Users can configure security themselves, and Outlook ignores any security-related settings configured in Group Policy.
If you enable this policy setting, you can choose from four options for enforcing Outlook security settings: * Outlook Default Security - This option is the default configuration in Outlook. Basic Public Folder control is granted such as creating and deleting public folders and controlling folder attributes, like quotas and access.This policy setting controls which set of security settings are enforced in Outlook. This role allows delegation of administration of public folders without allowing any other Exchange administration permissions. Exchange Public Folder AdministratorsĪdded with Exchange 2007 service pack 1, the name basically says it all. They can verify settings, but can not change or add any settings. This role allows read access only to Exchange organization container and containers with Exchange recipients in AD. This requires setup with the PrepareDomain switch in every domain where Exchange users exist. They have read access to the Domain Users container in AD with write access to Exchange attributes. Exchange Recipient AdministratorsĪs the name suggests, this role is assigned for administrators to manage Exchange recipients. Any global settings affecting the Exchange organization will require this role, including the ability to assign other Exchange Administrator roles. This is the grand daddy of Exchange administrator roles with authority over the entire Exchange organization. The ServerAdmin role requires assigning the -scope parameter as well defining the server for the role. Again, the latter is added with Exchange 2007 sp1. The different roles for this cmdlet are listed as OrgAdmin, ServerAdmin, RecipientAdmin, ViewOnlyAdmin, and PublicFolderAdmin. > Add-ExchangeAdministrator -Identity “domain/org_unit/username” -Role “admin_role_name” Adding an Exchange Administrator role is done as follows: Of course, everything you can do in the EMC you can accomplish using PowerShell cmdlets. Membership in these groups forms the roles assigned through Exchange 2007.Īssigning Exchange administrator roles can also be done using the Exchange Management Shell. When Exchange is installed, it adds a container in Active Directory called Microsoft Exchange Security Groups. The Exchange Server Administrator role is not so much a formal role as a means of restricting another role, especially the View Only Administrator role, to a single Exchange server or servers. If Exchange Server Administrators is selected, then the section to select an Exchange Server is activated. You can only assign a single role at a time as well. You would use the interface once for each user or group you want to assign an administrator role to. In the GUI, you have to select the user or group using the navigation window, and you can not assign multiple users or group objects at one time. Select the user or group to assign the role to.