Public Folder Permissions, Create Top-Level
Posted on 2004-03-30
Exchange 2000 SP3
Windows 2000 SP3
Migrated from Exchange 5.5 via ADC and Move Mailbox. Last Exchange 5.5 server was removed from the org 1 month ago.
Still running mixed mode. the NT 4 domain where Exchange 5.5 service account is defined is still online.
Clients: Outlook 2000 primarily, and some 2002 and 2003.
I have found various articles describing how to prevent the creation of top-level folders. They seem to cover two methods of setting this permission, 1) Using ADSI Edit, 2) a reg hack on the workstation that allows you to see Security tab at the organizational level in System Manager. Last year I set permissions using ADSI Edit and it worked fine. All other permissions have been managed using the Delegate Permissions wizard. Recently, before I decommissioned the last Exchange 5.5 server, and continuing now, general users are able to create top-level public folders.
The current permissions as pertains to public folders are as follows.
Authenticated Users: None
Everyone: Create public folder; Create named properties in the information store
There are administrative groups in the ACLs that have rights to create top-level public folders. I have verified membership in these groups and have not found anything that includes non-admin users.
Does anybody have any ideas on how users are able to continue adding folders when it appears that the permissions would prohibit this?