Configuring Permissions in Exchange ServerWord文档格式.docx
- 文档编号:22359865
- 上传时间:2023-02-03
- 格式:DOCX
- 页数:59
- 大小:45.07KB
Configuring Permissions in Exchange ServerWord文档格式.docx
《Configuring Permissions in Exchange ServerWord文档格式.docx》由会员分享,可在线阅读,更多相关《Configuring Permissions in Exchange ServerWord文档格式.docx(59页珍藏版)》请在冰豆网上搜索。
Thisdocumentisapermissions-specificcompilationofseveralExchange2007Helptopicsandisprovidedasaconvenienceforcustomerswhowanttoviewthetopicsinprintformat.Toreadthemostup-to-dateHelptopics,visittheExchangeServer2007Library.
Informationinthisdocument,includingURLandotherInternetWebsitereferences,issubjecttochangewithoutnotice.Unlessotherwisenoted,thecompanies,organizations,products,domainnames,e-mailaddresses,logos,people,places,andeventsdepictedinexampleshereinarefictitious.Noassociationwithanyrealcompany,organization,product,domainname,e-mailaddress,logo,person,place,oreventisintendedorshouldbeinferred.Complyingwithallapplicablecopyrightlawsistheresponsibilityoftheuser.Withoutlimitingtherightsundercopyright,nopartofthisdocumentmaybereproduced,storedinorintroducedintoaretrievalsystem,ortransmittedinanyformorbyanymeans(electronic,mechanical,photocopying,recording,orotherwise),orforanypurpose,withouttheexpresswrittenpermissionofMicrosoftCorporation.
Microsoftmayhavepatents,patentapplications,trademarks,copyrights,orotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.ExceptasexpresslyprovidedinanywrittenlicenseagreementfromMicrosoft,thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarks,copyrights,orotherintellectualproperty.
©
2006MicrosoftCorporation.Allrightsreserved.
Microsoft,MS-DOS,Windows,WindowsMedia,WindowsMobile,WindowsNT,WindowsPowerShell,WindowsServer,WindowsVista,ActiveDirectory,ActiveSync,Excel,Forefront,InternetExplorer,Outlook,SmartScreenandVisualBasicareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.
Allothertrademarksarepropertyoftheirrespectiveowners.
Contents
WhenplanninghowtointegrateExchange2007intoyourActiveDirectoryservicestructure,considertheadministrativemodelinyourorganization.WithExchange2007,youhaveflexibilityinhowyouassignpermissionstoadministrators.InmanyExchangeorganizations,especiallyinmediumandlargeorganizations,theremaybemorethanoneExchangeadministrator.Becausetheseadministratorscanperformaspecificsetofadministrationtasks,Exchange2007providespredefinedadministratorrolesandasplitpermissionsmodelthatallowyoutoconfigurespecificpermissionsinActiveDirectoryforvariousadministrativerolesinyourorganization.
ThisdocumentprovidesthefollowinginformationaboutExchange2007permissions:
∙PlanningcontentthatwillhelpyouimplementyourExchange2007permissionsmodel,includingadiscussionofhowtheExchange2007permissionsmodeldiffersfromExchangeServer2003
∙Detailedproceduresthatshowyouhowtoconfigureandmanagedomain,recipient,andpublicfolderpermissions
PermissionConsiderations
WithExchange
2007,youhaveflexibilityinhowyouassignpermissionstoadministrators.Generally,werecommendthatyouconsiderhowthefollowingcapabilitiesofActive
DirectoryandExchange
2007affectthewaythatyouorganizeyouradministrativeroles:
∙AsingleadministratorcanperformtasksforbothMicrosoft
Windows
Server
2003andExchange.
∙YoucansplitpermissionsbetweenExchangeadministratorsandWindowsadministrators.
∙YoucanisolatetheExchangeadministratorrolesandtheWindowsadministratorrolesbyusinganExchangeresourceforest.
ThesectionsinthistopicdescribetheflexibilityofpermissionsconfigurationandtheadministrativerolesavailableinExchange
2007.
UnderstandingtheExchangeandActiveDirectorySplitPermissionsModel
InmanyMicrosoft
Exchangeorganizations,especiallyinmediumandlargeorganizations,theremaybemorethanoneExchangeadministrator.Becausetheseadministratorscanperformaspecificsetofadministrationtasks,Exchange
2007providespredefinedadministratorrolesandasplitpermissionsmodelthatallowyoutoconfigurespecificpermissionsinActive
Directoryforvariousadministrativerolesinyourorganization.InExchange
2007,permissionsonExchangerecipientattributesaregroupedtogether.ThisminimizesthemanualpermissionconfigurationthatyoumustdotosplitExchangepermissionsfromotheradministrativepermissions.Formoreinformationabouthowtoplanandimplementyourpermissionsmodel,seePlanningandImplementingaSplitPermissionsModel.
ChangestotheSecurityandPermissionModel
ThesecurityandpermissionsmodelfromExchange
2003haschangedforExchange
2007.ThissectionprovidesinformationaboutthechangestotheExchangepermissionsmodelanddescribesthedifferences.
PropertySets
ApropertysetisagroupingofActive
Directoryattributes.YoucancontrolaccesstothisgroupingofActive
Directoryattributesbysettingoneaccesscontrolentry(ACE)insteadofsettinganACEoneachproperty.ThepropertysetthatgroupsallExchangerecipientattributesiscallede-mailinformation.
Note:
Exchange
2003securitygroupsthathadpermissiontoaccesstherecipientpropertiesonExchange
2003serverswillhavepermissiontoaccesstheExchange
2007e-mailinformationpropertyset,aslongasyouuseExchange
2007S
orS
withthe/PrepareADparametertoupdatetheActive
Directoryschema.
Formoreinformationonpropertysets,seePropertySetsinExchange2007.
Exchange2003SecurityandPermissionsModel
Tohelpsimplifymanagementofpermissions,Exchange
2003providedpredefinedsecurityrolesthatwereavailableinthe
2003
AdministrativeDelegationWizard.Theseroleswereacollectionofstandardizedpermissionsthatcouldbeappliedateithertheorganizationortheadministrativegrouplevel.
InExchange
2003,thefollowingsecurityroleswereavailablethroughtheDelegationWizardinExchangeSystemManager:
∙ExchangeFullAdministrator
∙ExchangeAdministrator
∙ExchangeViewOnlyAdministrator
Thismodelhadthefollowinglimitations:
∙Alackofspecificity.TheExchangeAdministratorgroupwastoolarge,andsomecustomerswantedtomanagetheirsecurityandpermissionsmodelattheindividualserver-level.
∙AperceptionthattheExchange
2003securityrolesonlydifferedinsubtleways.
∙TherewasnoclearseparationbetweenadministrationofusersandgroupsbytheWindows(Active
Directory)administratorsandExchangerecipientadministrators.Forexample,toperformExchangerecipientrelatedtasks,youhadtograntExchangeadministratorshighlevelpermissions(AccountOperatorpermissionsonWindowsdomains).
Exchange2007SecurityandPermissionsModel
ToimprovethemanagementofyourExchangeadministratorroles,whichwerecalled"
securitygroups"
inExchange
2003,thefollowingneworimprovedfeatureshavebeenmadetotheExchangesecurityandpermissionsmodel:
∙Newadministratorrolesthataresimilartothebuilt-inWindows
Serversecuritygroups.Formoreinformationabouttheseadministratorroles,see"
AdministratorRolesinExchange
2007"
laterinthistopic.
∙YoucanusetheExchangeManagementConsole(formerlyExchangeSystemManager)andtheExchangeManagementShelltoview,add,andremovemembersfromanyadministratorrole.
AdministratorRolesinExchange2007
2007hasthefollowingpredefinedgroupsthatmanageExchangeconfigurationdata:
∙ExchangeOrganizationAdministrators
∙ExchangeRecipientAdministrators
∙ExchangeView-OnlyAdministrators
DuringtheExchangeSetup/PrepareAD
phase(theorganization-preparationphasethatissimilartoExchange
2003ForestPrep),
theseExchangeAdministratorroles(exceptExchangeServerAdministrators)arecreatedinanewMicrosoft
Exchangesecuritygroup'
s
organizationalunit
(OU)thatislocatedinthedomainwhere/PrepareADwasrun.
Whenyouaddanadministratorroletoauser,thatuserinheritsthepermissionsthatarepermittedbythatrole.TheseadministratorroleshavepermissionstomanageExchangedatainActive
Directory.TherearethreetypesofExchangedatathatcanbemanagedbythesegroups:
∙GlobalData
ThisisdatainanActive
Directoryconfigurationcontainerthatisnotassociatedwithaparticularserver.Thisdataincludes,butisnotlimitedto,mailboxpolicies,addresslists,andExchangeUnifiedMessagingconfiguration.Globaldatagenerallyaffects
thewholeorganizationandcanpotentiallyaffectallusers.Asabestpractice,allowonlyafewtrusteduserstoconfigureorchangeglobaldata.
∙RecipientData
RecipientsinExchangeareActive
Directoryuserobjectsthatcanreceiveorsende-mailmessages.Examplesofrecipientdataincludemail-enabledcontacts,distributiongroups,mailboxes,andspecificrecipienttypessuchaspublicfolderproxyobjects.
∙
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- Configuring Permissions in Exchange Server
![提示](https://static.bdocx.com/images/bang_tan.gif)
链接地址:https://www.bdocx.com/doc/22359865.html