Exchange 2003 inherit security

Ok..  I am looking more at individual users in this security.  I don't think I want them there.. expecially ones that no longer work in the organization.

Delegate Control wizard is the first place to look then.

Simon.

I removed the account there but there is still one of those unknown accounts showing up...

Here is a better question.  Who is suppose to be the owner of the exchange organization.  I have a renamed account and I don't know which owener it is suppose to be now...

The main account of the Exchange org is the one that was used to install it. I usually suggest using THE administrator account to install and then you don't get problems later on.

To get access to the org level permissions.

In ESM, right click on the Exchange org and choose Properties. You should see a security tab. If you don't, then you need to enable it.

In the registry, go to Hkey_Current_User, Software,  Microsoft, Exchange, ExAdmin.

Create a new Dword Value of "ShowSecurityPage" and give it a value of 1.

Restart ESM.

Simon.

I see the security and the owner is an account called Justan Kace.  So I am guessing that this is the administrator account renamed.  That is what I am trying to figure out.  I hate when predessors rename system accounts and don't leave a note or something.  I actually disabled that account last week thinking it was a back door account or something.  When I saw it was the owner of exchange I decided to enable it again.  Is there anyway for me to know that it is the administrator account?  I want to rename it back to administrator if it is...

The administrator account is renamed through a security policy.  Go to the Domain Controllers Security Policy and open it to the Security Options object.  One of the security options is "Rename Administrator account" and you'll see it there if it's been changed.

Hope this helps!

Deb

just a simple note: renamimg account does not change its SID....for doamin admins look for SID 500

this comment should not be considered for garding since folks who commented have already given the correct answers.

Where is the domain controllers security policy so I can find "rename administrator account".

You can use the Group Policy Management console, or if that's not installed, you can go to Start/Run, type mmc to create a new management console.  Then, go to Add/Remove Snap-in, and add the Group Policy snap-in. When you add the snap-in, it allows you to specify what policy you want to administer - select the Default Domain Controller policy.

Back to your original question about Exchange security.  Exchange security is set in the Exchange System Manager in the properties of the organization, site, server or information store.  This is where it is inherited from. Then, when you create a mailbox, it inherits those settings, plus the mailbox user is added with the appropriate user rights.

Hope this helps!

Thanks hypercat but I already have the snap in.  And I know how inheritance is performed.  I just don't know where the top level is...  I have tons of accounts in my security tab.  I managed to take off one user in the delegate contrl wizard but it seems as if I have double accounts.. meaning the same accounts in there twice and a few of those s-787897-00001 (made up the number).