Exchange 2007 Security Templates

Hi All,

I use a 2003 Domain with Exchange 2007.

I need to know if there are any Exchange 2007 Security Templates available that can be imported into Group Policies.

What I want to achieve is the following:
- Setup permissions in "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services" to allow non admin users the ability to restart certain services.

There is a long list of services in there that you can use to configure specific permissions on who is allowed to restart services. Unfortunately there is no Exchange services in there. As I understand, there is a security template available for Exchange 2003, that will add the services for 2003, but I am unable to find such a template for 2007.

Can any one please advise if such a template exist and where it can be found. Or, if there is another way of adding services.

Thank you

Pieter
ppdevriesAsked:
Who is Participating?
 
ppdevriesAuthor Commented:
Hi All,

I managed to find the solution for this. To be able to get the list of exchange services that can be used in Group Policy, you need to run MMC from an exchange server and then add the "AD Users and Computers" snap-in.

Then if you right click on an OU that contains your Exchange Servers - Properties>Group Policy>Edit>Computer Config>Windows Settings>Security>System Services> - You will see the Exchange services listed there. Then you can go ahead and configure permission on the services as to who can stop/start these services.

Granted I does not work yet, because if I define settings on the above mentioned I get error with applying the GPO, but at least now I can see the services and just have to figure out how to get the GPO to work.
0
 
madhuskCommented:
The templates can be downloaded from the following link.

http://www.microsoft.com/downloads/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=en

It also contains the customization tool to further customize the security templates.

You can use the following site to learn more details.

http://technet.microsoft.com/en-us/library/cc179122.aspx
0
 
ppdevriesAuthor Commented:
Dear Madhusk,

I downloaded the above templates, but there is no templates in there for Exchange 2007. It seems to be all office related.

thanks,

Pieter
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
madhuskCommented:
Yes, I assume you want the outlook related settings to be customized for user, If I am wrong, please could you brief the exact requirement what controls you want to give to user.
0
 
ppdevriesAuthor Commented:
Nothing to do with the user.

I need to add "Exchange Services" to: "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services"

0
 
ppdevriesAuthor Commented:
Hi Madhusk,

The SCW is all to do with hardening the the network side as far as I know. All I want to do is add services to the list that is already in Group Policy.

Maybe I should try a different direction, like using a script that restart services, that can be run with admin credentials from a workstation. My problem is that I have a bunch of technicians that cant be trusted with domain admin credentials, so even if I give them an account that is a member of domain admin, and the account has also been locked down in the Default Domain Group policy, to prevent it from being used to "log on locally" or "log on through terminal services", they still might abuse it.

 
0
 
ppdevriesAuthor Commented:
Increasing points.

Still have not found a solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.