Solved

organisation management 2013

Posted on 2015-02-17
2
58 Views
Last Modified: 2015-02-25
In relation to the group/role "organisation  management" in exch2013, what permissions does this give the user, and what types of user typically require this permission? Or put another way, what could a malicious user do to your exchange environment if they got hold of an account with organisation management permissions.

I am reviewing security permissions and noticed generally the whole IT section (25+ employees) have been added organisation permissions - but I need to determine if this is common, or if you have only a few trusted users with organisation management permissions - and if so for what tasks do they require such access.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 250 total points
ID: 40614323
Org Management, is the top level administrative Group for Exchange 2013 (think of it as a domain admin account for an AD Domain). Users/Group that are associated with this built-in group have access to perform any administrative task in your Exchange Organization. If you have Users that are not Exchange Admins in your environment I would not have them part of this group.

Take a look at the technet below which explains Org Management Group in more detail.
https://technet.microsoft.com/en-us/library/dd335087%28v=exchg.150%29.aspx

Will.
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 250 total points
ID: 40614381
I am reviewing security permissions and noticed generally the whole IT section (25+ employees) have been added organisation permissions
That's way too many people. As Will has outlined above, the Organization Management group has almost complete access to your Exchange environment so only add the users that need to be in this group. For all others I would look at creating some custom RBAC roles and applying only the required access to these roles.

Start off here first to get a better understanding of the RBAC model in Exchange: https://technet.microsoft.com/en-us/library/dd298183(v=exchg.150).aspx

This article walks you through the process of creating a custom RBAC role group and adding specific permissions to this group so as to limit what users can do. Note that this is a four-part article: http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/rbac-made-easy-part1.html
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question