Solved

Exchange 2007 Security Templates

Posted on 2009-04-08
8
502 Views
Last Modified: 2012-05-06
Hi All,

I use a 2003 Domain with Exchange 2007.

I need to know if there are any Exchange 2007 Security Templates available that can be imported into Group Policies.

What I want to achieve is the following:
- Setup permissions in "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services" to allow non admin users the ability to restart certain services.

There is a long list of services in there that you can use to configure specific permissions on who is allowed to restart services. Unfortunately there is no Exchange services in there. As I understand, there is a security template available for Exchange 2003, that will add the services for 2003, but I am unable to find such a template for 2007.

Can any one please advise if such a template exist and where it can be found. Or, if there is another way of adding services.

Thank you

Pieter
0
Comment
Question by:ppdevries
  • 5
  • 3
8 Comments
 
LVL 5

Expert Comment

by:madhusk
Comment Utility
The templates can be downloaded from the following link.

http://www.microsoft.com/downloads/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=en

It also contains the customization tool to further customize the security templates.

You can use the following site to learn more details.

http://technet.microsoft.com/en-us/library/cc179122.aspx
0
 

Author Comment

by:ppdevries
Comment Utility
Dear Madhusk,

I downloaded the above templates, but there is no templates in there for Exchange 2007. It seems to be all office related.

thanks,

Pieter
0
 
LVL 5

Expert Comment

by:madhusk
Comment Utility
Yes, I assume you want the outlook related settings to be customized for user, If I am wrong, please could you brief the exact requirement what controls you want to give to user.
0
 

Author Comment

by:ppdevries
Comment Utility
Nothing to do with the user.

I need to add "Exchange Services" to: "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services"

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 5

Expert Comment

by:madhusk
Comment Utility
0
 

Author Comment

by:ppdevries
Comment Utility
Hi Madhusk,

The SCW is all to do with hardening the the network side as far as I know. All I want to do is add services to the list that is already in Group Policy.

Maybe I should try a different direction, like using a script that restart services, that can be run with admin credentials from a workstation. My problem is that I have a bunch of technicians that cant be trusted with domain admin credentials, so even if I give them an account that is a member of domain admin, and the account has also been locked down in the Default Domain Group policy, to prevent it from being used to "log on locally" or "log on through terminal services", they still might abuse it.

 
0
 

Author Comment

by:ppdevries
Comment Utility
Increasing points.

Still have not found a solution.
0
 

Accepted Solution

by:
ppdevries earned 0 total points
Comment Utility
Hi All,

I managed to find the solution for this. To be able to get the list of exchange services that can be used in Group Policy, you need to run MMC from an exchange server and then add the "AD Users and Computers" snap-in.

Then if you right click on an OU that contains your Exchange Servers - Properties>Group Policy>Edit>Computer Config>Windows Settings>Security>System Services> - You will see the Exchange services listed there. Then you can go ahead and configure permission on the services as to who can stop/start these services.

Granted I does not work yet, because if I define settings on the above mentioned I get error with applying the GPO, but at least now I can see the services and just have to figure out how to get the GPO to work.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now