Re: Exchange 2000 & Administrator Rights

From: Dave Howe [MSFT] (daveh_at_online.microsoft.com)
Date: 05/10/04

Next message: Dave Howe [MSFT]: "Re: NSPI Proxy"
Previous message: gjb: "NSPI Proxy"
In reply to: Philip Amos: "Exchange 2000 & Administrator Rights"
Next in thread: Philip Amos: "Re: Exchange 2000 & Administrator Rights"
Reply: Philip Amos: "Re: Exchange 2000 & Administrator Rights"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 10 May 2004 11:08:07 -0400

On Thu, 6 May 2004 16:27:31 +0100, "Philip Amos"
<someone@somewhere.com> wrote:

>Can anybody please tell me why a user which has been delegated the Exchange
>Full Administrator right still needs to be a member of the local machines
>Administrator group??
>
>What I would idealy like to do if specifically grant rights over the
>necessary objects withing the directory\file system\registry etc to my
>Exchange administrators and not have them as members of the Administrators
>group. The reason for this is that Exchange 2000 is installed on some
>Domain Controllers and the local Administrators group is the one in the
>Domain which then grants people rights over other stuff that I do not want
>them to have access to.
>
>The problem is that I have been unable to find any documents either in
>TechNet or on the web which explain what rights a member of the local
>Administrators group gets over Exchange which make membership of this group
>necessary and would appreciate it if somebody can tell me what rights I need
>to grant.

Can you explain exactly what kind of rights would you want them to
have? Strictly mailbox creation, or do you want them to have the
ability to mount/dismount stores, etc.?

---
Dave Howe
Microsoft PSS
This posting is provided "AS IS" with no warranties, and confers no rights.

Next message: Dave Howe [MSFT]: "Re: NSPI Proxy"
Previous message: gjb: "NSPI Proxy"
In reply to: Philip Amos: "Exchange 2000 & Administrator Rights"
Next in thread: Philip Amos: "Re: Exchange 2000 & Administrator Rights"
Reply: Philip Amos: "Re: Exchange 2000 & Administrator Rights"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: cannot add local user to local group
... You can control the Local Administrators group with the Restricted Groups Policy. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... One local user account "test" and one domain user ... "Member of" tab is empty. ...
(microsoft.public.win2000.active_directory)
Re: Reply to address for distribution group
... You need to grant yourself "Send As" rights on the ... then use the From field in Outlook and put the group name in ... > am a member of. ...
(microsoft.public.exchange.admin)
Re: delegate control to one group
... for that the user needs write/read permission on the member attribute of the ... * This posting is provided "AS IS" with no warranties and confers no rights! ... > I don't want to grant full control if I don't have to. ...
(microsoft.public.windows.server.active_directory)
Re: cannot add local user to local group
... he is controlling the local administrators group. ... no rights. ... So you have to check if the account ... "Member of" tab is empty. ...
(microsoft.public.win2000.active_directory)
Re: Administrators v Administrator security differences
... The administrator is a member of the administrators group but the ... administrator account may have different permissions and rights than the ...
(microsoft.public.win2000.security)