Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 504
  • Last Modified:

Exchange 2000 permissions on public folders

How do I set permissions on public folders so that certain OU's or Users don't have access to them?
I am using Exchange 2000.
0
The_Master_Chief
Asked:
The_Master_Chief
  • 4
  • 4
  • 2
  • +1
1 Solution
 
mikeleebrlaCommented:
OUs aren't used for security,, you will need to set up a security group for this,,,,but you set up security for public folders from within exchange system manager on the server. From there go to folders, public folders,,, rightclick on the public folder you want to restrict and click properties.. then go to the permissions tab,,, then click on client permissions,, this will open up the page where you set permissions for public folders.. it is pretty self explainetory from there..  hope this helps..
0
 
The_Master_ChiefAuthor Commented:
How would I set up a security group if OU's aren't used for this?
0
 
mikeleebrlaCommented:
on a domain controller,, go to active directory users and computers,,,, from there go to users,, rightclick and choose new,, then security group and add it there
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
hujiCommented:
add all members of this OU to a group and then change the security options for that group.
Huji
0
 
JConchieCommented:
In a little more detail, you create a local group for a particular resoure(s), give it permissions to the resource. Then create  a global group and add it to the membership of the local groups of the resources that you want members of the global  group to have access to.......then add individual users to the security group.

0
 
JConchieCommented:
a little more background........the different types of security groups are used to set access permissions for resources.
OUs are used to organize users and/or computers so that you can regulate that particular unit (not group) through group policy.  As usual MS's terminology seems designed to confuse.
0
 
The_Master_ChiefAuthor Commented:
Let me see if I got this...

Example:
I have an OU for a location in California that I do NOT want to have access to any public folders.
I have many other locations throughou tthe country with corresponding OU's that CAN have access to the public folders.

All I have to do is:

1) Create a security group for public folders
2) Assign all of the members of that California OU to the securty group
3) Add the new public folders security group to the client permissions of the corresponding public folders and specify the rights for that group.

Is that correct?
0
 
JConchieCommented:
That's one way to do it..........put the users from the california ou into the security group, then *Deny* access for that security group on the public folders........you can make your life easier down the road if you create local group and give it access to the folders, then put your "Deny" global group into the membership of the local group.

The other way around would be to put all the users you want to have access into the global group and give it full access.

The point of all this is that in a resource (in your case, the public folder)  that has several layers of sub-folders and a lot of folders.........if you give individual users security rights on the root folder, every time you add or delete a user, you have to push the new settings down to all the sub-folders and files....which can take a lot of time on a large resource.......but if the security group has the permissions, adding or removing a user from membership in the group requires no further action on the permissions.
0
 
The_Master_ChiefAuthor Commented:
Well I created a global security group called "Public Folders Deny".
I added one user for testing purposes and went to exchange system manager > the public folders store and under security I added the new deny group and set to deny all.  That did not prevent the user from opening that public folders.  

However, when I added the deny group to an individual public fiolder's client permissions and denied there, the user was unabel to access that particular public folder.  

How can I make it so that group can't access anypublic folders?

I am not worried about the points becase JConchie answered my question, but a little more detail on this would be great.
0
 
JConchieCommented:
Don't think you can do this on the Store itself......drop down one more level to the "Public Folders" object and try setting it there.........but it may be that you have to do it folder by folder........if you have folders that were created by users rather than by an admin, they own the folder and may have set permissions to deny inheritance from above.
0
 
The_Master_ChiefAuthor Commented:
I was not able to set permissions on the sub folder

 - Public Folder Store (server name)
     |
      - Public Folders

I will have to do it to individual folders.
Thanks
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now