Solved

Exchange 2007 Security Templates

Posted on 2009-04-08
8
506 Views
Last Modified: 2012-05-06
Hi All,

I use a 2003 Domain with Exchange 2007.

I need to know if there are any Exchange 2007 Security Templates available that can be imported into Group Policies.

What I want to achieve is the following:
- Setup permissions in "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services" to allow non admin users the ability to restart certain services.

There is a long list of services in there that you can use to configure specific permissions on who is allowed to restart services. Unfortunately there is no Exchange services in there. As I understand, there is a security template available for Exchange 2003, that will add the services for 2003, but I am unable to find such a template for 2007.

Can any one please advise if such a template exist and where it can be found. Or, if there is another way of adding services.

Thank you

Pieter
0
Comment
Question by:ppdevries
  • 5
  • 3
8 Comments
 
LVL 5

Expert Comment

by:madhusk
ID: 24094739
The templates can be downloaded from the following link.

http://www.microsoft.com/downloads/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=en

It also contains the customization tool to further customize the security templates.

You can use the following site to learn more details.

http://technet.microsoft.com/en-us/library/cc179122.aspx
0
 

Author Comment

by:ppdevries
ID: 24095156
Dear Madhusk,

I downloaded the above templates, but there is no templates in there for Exchange 2007. It seems to be all office related.

thanks,

Pieter
0
 
LVL 5

Expert Comment

by:madhusk
ID: 24095210
Yes, I assume you want the outlook related settings to be customized for user, If I am wrong, please could you brief the exact requirement what controls you want to give to user.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:ppdevries
ID: 24095397
Nothing to do with the user.

I need to add "Exchange Services" to: "GPO Editor/Computer Configuration/Windows Settings/Security Settings/System Services"

0
 
LVL 5

Expert Comment

by:madhusk
ID: 24096739
0
 

Author Comment

by:ppdevries
ID: 24103712
Hi Madhusk,

The SCW is all to do with hardening the the network side as far as I know. All I want to do is add services to the list that is already in Group Policy.

Maybe I should try a different direction, like using a script that restart services, that can be run with admin credentials from a workstation. My problem is that I have a bunch of technicians that cant be trusted with domain admin credentials, so even if I give them an account that is a member of domain admin, and the account has also been locked down in the Default Domain Group policy, to prevent it from being used to "log on locally" or "log on through terminal services", they still might abuse it.

 
0
 

Author Comment

by:ppdevries
ID: 24127865
Increasing points.

Still have not found a solution.
0
 

Accepted Solution

by:
ppdevries earned 0 total points
ID: 24145193
Hi All,

I managed to find the solution for this. To be able to get the list of exchange services that can be used in Group Policy, you need to run MMC from an exchange server and then add the "AD Users and Computers" snap-in.

Then if you right click on an OU that contains your Exchange Servers - Properties>Group Policy>Edit>Computer Config>Windows Settings>Security>System Services> - You will see the Exchange services listed there. Then you can go ahead and configure permission on the services as to who can stop/start these services.

Granted I does not work yet, because if I define settings on the above mentioned I get error with applying the GPO, but at least now I can see the services and just have to figure out how to get the GPO to work.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question