Solved

Exchange 2007 Security Templates

Posted on 2009-04-08
8
509 Views
Last Modified: 2012-05-06
Hi All,

I use a 2003 Domain with Exchange 2007.

I need to know if there are any Exchange 2007 Security Templates available that can be imported into Group Policies.

What I want to achieve is the following:
- Setup permissions in "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services" to allow non admin users the ability to restart certain services.

There is a long list of services in there that you can use to configure specific permissions on who is allowed to restart services. Unfortunately there is no Exchange services in there. As I understand, there is a security template available for Exchange 2003, that will add the services for 2003, but I am unable to find such a template for 2007.

Can any one please advise if such a template exist and where it can be found. Or, if there is another way of adding services.

Thank you

Pieter
0
Comment
Question by:ppdevries
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 5

Expert Comment

by:madhusk
ID: 24094739
The templates can be downloaded from the following link.

http://www.microsoft.com/downloads/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=en

It also contains the customization tool to further customize the security templates.

You can use the following site to learn more details.

http://technet.microsoft.com/en-us/library/cc179122.aspx
0
 

Author Comment

by:ppdevries
ID: 24095156
Dear Madhusk,

I downloaded the above templates, but there is no templates in there for Exchange 2007. It seems to be all office related.

thanks,

Pieter
0
 
LVL 5

Expert Comment

by:madhusk
ID: 24095210
Yes, I assume you want the outlook related settings to be customized for user, If I am wrong, please could you brief the exact requirement what controls you want to give to user.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:ppdevries
ID: 24095397
Nothing to do with the user.

I need to add "Exchange Services" to: "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services"

0
 
LVL 5

Expert Comment

by:madhusk
ID: 24096739
0
 

Author Comment

by:ppdevries
ID: 24103712
Hi Madhusk,

The SCW is all to do with hardening the the network side as far as I know. All I want to do is add services to the list that is already in Group Policy.

Maybe I should try a different direction, like using a script that restart services, that can be run with admin credentials from a workstation. My problem is that I have a bunch of technicians that cant be trusted with domain admin credentials, so even if I give them an account that is a member of domain admin, and the account has also been locked down in the Default Domain Group policy, to prevent it from being used to "log on locally" or "log on through terminal services", they still might abuse it.

 
0
 

Author Comment

by:ppdevries
ID: 24127865
Increasing points.

Still have not found a solution.
0
 

Accepted Solution

by:
ppdevries earned 0 total points
ID: 24145193
Hi All,

I managed to find the solution for this. To be able to get the list of exchange services that can be used in Group Policy, you need to run MMC from an exchange server and then add the "AD Users and Computers" snap-in.

Then if you right click on an OU that contains your Exchange Servers - Properties>Group Policy>Edit>Computer Config>Windows Settings>Security>System Services> - You will see the Exchange services listed there. Then you can go ahead and configure permission on the services as to who can stop/start these services.

Granted I does not work yet, because if I define settings on the above mentioned I get error with applying the GPO, but at least now I can see the services and just have to figure out how to get the GPO to work.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question