Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Shannal L. Thomas
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
 

Controlling Object Visibility in Exchange 2003
Page 1 | Page 2 | Page 3

In this article, you will learn how to control object visibility, including servers, routing groups, admin groups, etc, i.e make objects disappear for certain users within Exchange System Manager.

The scenario that I’m working under is that I have a semi-trusted user who needs access to Exchange System Manager (ESM), either 2000 or 2003 versions. I have run the Delegate Control Wizard and made this person an Exchange View Only Administrator or an Exchange Administrator.

I would like to manipulate permissions to deny rights at a very detailed level, and I know that I am able to view permissions on more objects than usual by enabling the HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin\ShowSecurityPage registry key; however I am still denied a greater level of granularity in the Exchange System Manager MMC. 

Note: Creating a DWORD value called ShowSecurityPage under the HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin\ registry path will expose the security pages for nearly every object that isn’t a container object. If this key is not present or set to 0 security is only visible on, Address Lists, Global Address Lists, Databases (Mailbox stores and Public Folder stores) and  Top Level Public Folder Hierarchy. See KB 259221 for details. Applies to Exchange 2000 and 2003.

For Example: I’d like to hide the Global Settings Tab from my Helpdesk user or group. However Right Clicking on the Global Settings object in ESM does not display object properties, including the security tab. Some other things I’d like to hide are Routing Groups and the Public Folder container – called Folders in ESM – from the helpdesk ESM view. For this level of rights management I can use a third party application, or I can get one for free – ADSIEDIT. Bear in mind that you get what you pay for. ADSIEDIT will do the job, but it doesn’t offer any of the features of a commercial tool, such as auditing, reporting and most importantly rollback to name a few.

If you don’t have ADSIEDIT install a copy by running setup in the Support Tools Directory on your Server 2000 or 2003 installation CD. I’m going to be using ADSIEDIT from Server 2003 Support Tools.

Controlling Object Visibility in Exchange 2003

 Nicolas Blank Page 1 | Page 2 | Page 3

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008