ppdevries
asked on
Exchange 2007 Security Templates
Hi All,
I use a 2003 Domain with Exchange 2007.
I need to know if there are any Exchange 2007 Security Templates available that can be imported into Group Policies.
What I want to achieve is the following:
- Setup permissions in "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services" to allow non admin users the ability to restart certain services.
There is a long list of services in there that you can use to configure specific permissions on who is allowed to restart services. Unfortunately there is no Exchange services in there. As I understand, there is a security template available for Exchange 2003, that will add the services for 2003, but I am unable to find such a template for 2007.
Can any one please advise if such a template exist and where it can be found. Or, if there is another way of adding services.
Thank you
Pieter
I use a 2003 Domain with Exchange 2007.
I need to know if there are any Exchange 2007 Security Templates available that can be imported into Group Policies.
What I want to achieve is the following:
- Setup permissions in "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services" to allow non admin users the ability to restart certain services.
There is a long list of services in there that you can use to configure specific permissions on who is allowed to restart services. Unfortunately there is no Exchange services in there. As I understand, there is a security template available for Exchange 2003, that will add the services for 2003, but I am unable to find such a template for 2007.
Can any one please advise if such a template exist and where it can be found. Or, if there is another way of adding services.
Thank you
Pieter
ASKER
Dear Madhusk,
I downloaded the above templates, but there is no templates in there for Exchange 2007. It seems to be all office related.
thanks,
Pieter
I downloaded the above templates, but there is no templates in there for Exchange 2007. It seems to be all office related.
thanks,
Pieter
Yes, I assume you want the outlook related settings to be customized for user, If I am wrong, please could you brief the exact requirement what controls you want to give to user.
ASKER
Nothing to do with the user.
I need to add "Exchange Services" to: "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services"
I need to add "Exchange Services" to: "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services"
This should help you.
http://www.msexchange.org/tutorials/Securing-Exchange-2007-Edge-Transport-Servers.html
http://www.msexchange.org/tutorials/Securing-Exchange-2007-Edge-Transport-Servers.html
ASKER
Hi Madhusk,
The SCW is all to do with hardening the the network side as far as I know. All I want to do is add services to the list that is already in Group Policy.
Maybe I should try a different direction, like using a script that restart services, that can be run with admin credentials from a workstation. My problem is that I have a bunch of technicians that cant be trusted with domain admin credentials, so even if I give them an account that is a member of domain admin, and the account has also been locked down in the Default Domain Group policy, to prevent it from being used to "log on locally" or "log on through terminal services", they still might abuse it.
The SCW is all to do with hardening the the network side as far as I know. All I want to do is add services to the list that is already in Group Policy.
Maybe I should try a different direction, like using a script that restart services, that can be run with admin credentials from a workstation. My problem is that I have a bunch of technicians that cant be trusted with domain admin credentials, so even if I give them an account that is a member of domain admin, and the account has also been locked down in the Default Domain Group policy, to prevent it from being used to "log on locally" or "log on through terminal services", they still might abuse it.
ASKER
Increasing points.
Still have not found a solution.
Still have not found a solution.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.microsoft.com/downloads/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=en
It also contains the customization tool to further customize the security templates.
You can use the following site to learn more details.
http://technet.microsoft.com/en-us/library/cc179122.aspx