?
Solved

Exchange 2007 Security Templates

Posted on 2009-04-08
8
Medium Priority
?
518 Views
Last Modified: 2012-05-06
Hi All,

I use a 2003 Domain with Exchange 2007.

I need to know if there are any Exchange 2007 Security Templates available that can be imported into Group Policies.

What I want to achieve is the following:
- Setup permissions in "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services" to allow non admin users the ability to restart certain services.

There is a long list of services in there that you can use to configure specific permissions on who is allowed to restart services. Unfortunately there is no Exchange services in there. As I understand, there is a security template available for Exchange 2003, that will add the services for 2003, but I am unable to find such a template for 2007.

Can any one please advise if such a template exist and where it can be found. Or, if there is another way of adding services.

Thank you

Pieter
0
Comment
Question by:ppdevries
  • 5
  • 3
8 Comments
 
LVL 5

Expert Comment

by:madhusk
ID: 24094739
The templates can be downloaded from the following link.

http://www.microsoft.com/downloads/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=en

It also contains the customization tool to further customize the security templates.

You can use the following site to learn more details.

http://technet.microsoft.com/en-us/library/cc179122.aspx
0
 

Author Comment

by:ppdevries
ID: 24095156
Dear Madhusk,

I downloaded the above templates, but there is no templates in there for Exchange 2007. It seems to be all office related.

thanks,

Pieter
0
 
LVL 5

Expert Comment

by:madhusk
ID: 24095210
Yes, I assume you want the outlook related settings to be customized for user, If I am wrong, please could you brief the exact requirement what controls you want to give to user.
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 

Author Comment

by:ppdevries
ID: 24095397
Nothing to do with the user.

I need to add "Exchange Services" to: "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services"

0
 
LVL 5

Expert Comment

by:madhusk
ID: 24096739
0
 

Author Comment

by:ppdevries
ID: 24103712
Hi Madhusk,

The SCW is all to do with hardening the the network side as far as I know. All I want to do is add services to the list that is already in Group Policy.

Maybe I should try a different direction, like using a script that restart services, that can be run with admin credentials from a workstation. My problem is that I have a bunch of technicians that cant be trusted with domain admin credentials, so even if I give them an account that is a member of domain admin, and the account has also been locked down in the Default Domain Group policy, to prevent it from being used to "log on locally" or "log on through terminal services", they still might abuse it.

 
0
 

Author Comment

by:ppdevries
ID: 24127865
Increasing points.

Still have not found a solution.
0
 

Accepted Solution

by:
ppdevries earned 0 total points
ID: 24145193
Hi All,

I managed to find the solution for this. To be able to get the list of exchange services that can be used in Group Policy, you need to run MMC from an exchange server and then add the "AD Users and Computers" snap-in.

Then if you right click on an OU that contains your Exchange Servers - Properties>Group Policy>Edit>Computer Config>Windows Settings>Security>System Services> - You will see the Exchange services listed there. Then you can go ahead and configure permission on the services as to who can stop/start these services.

Granted I does not work yet, because if I define settings on the above mentioned I get error with applying the GPO, but at least now I can see the services and just have to figure out how to get the GPO to work.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am posting this in case anyone runs into similar issues that I did, this may save you a lot of grief: Condition: 1. Your NetBIOS domain name contains an ampersand " & " character.  (e.g. AT&T) 2. You've tried to run any Microsoft installation…
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question