Microsoft KB Archive/329597

= XADM: Security Permissions Change When You Move a Database File to Another Folder =

Article ID: 329597

Article Last Modified on 2/27/2007


APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition




This article was previously published under Q329597





SYMPTOMS
When you move an Exchange database to another folder on the computer, the security permissions on the database file may change.



CAUSE
This behavior occurs because the Exchange 2000 database files inherit the permissions of the folder to which they are moved.



WORKAROUND
To work around this problem, verify the Access Control List (ACL) entries of the database files after you move them. You can use Windows Explorer or the Cacls.exe command-line utility to re-assign security permissions. The following security permissions are assigned to the Exchange database files in a default installation:

 * NT AUTHORITY\Authenticated Users: Read permissions
 * BUILTIN\Server Operators: Change permissions
 * BUILTIN\Administrator: Full Control permissions
 * NT AUTHORITY\SYSTEM: Full Control permissions

To view these permissions, you can use the Cacls.exe command-line utility. For example, you might use the cacls "c:\program files\exchsrvr\mdbdata\priv1.stm" command.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
When you run the Cacls.exe command before you move the database file, the following list of default permissions may be returned:

NT AUTHORITY\Authenticated Users:R

BUILTIN\Server Operators:C

BUILTIN\Administrator:F

NT AUTHORITY\SYSTEM:F

However, when you next run the Cacls.exe command after you move the database to a folder where everyone has full control permissions, a list of permissions similar to the following may be displayed:

Everyone:F
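
One way to carry out the verification described above, as an added example that is not part of the original article: the Python sketch below parses Cacls.exe output for a single file and reports any drift from the default permissions the article lists. The output layout (file path on the first line, one trustee:right entry per line), the d:\exchdata path and both sample outputs are assumptions constructed for illustration.

```python
# Default permissions from the article, using the Cacls.exe letters (R, C, F).
BASELINE = {
    r"NT AUTHORITY\Authenticated Users": "R",
    r"BUILTIN\Server Operators": "C",
    r"BUILTIN\Administrator": "F",
    r"NT AUTHORITY\SYSTEM": "F",
}

# Constructed sample output; the second path is hypothetical.
BEFORE_PATH = r"c:\program files\exchsrvr\mdbdata\priv1.stm"
BEFORE = BEFORE_PATH + r""" NT AUTHORITY\Authenticated Users:R
    BUILTIN\Server Operators:C
    BUILTIN\Administrator:F
    NT AUTHORITY\SYSTEM:F
"""
AFTER_PATH = r"d:\exchdata\priv1.stm"
AFTER = AFTER_PATH + " Everyone:F\n"


def parse_cacls(output, path):
    """Return {trustee: right} parsed from Cacls.exe output for one file."""
    aces = {}
    for line in output.splitlines():
        line = line.strip()
        # Assumed layout: the first entry shares a line with the file path.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        # Account names cannot contain ':', so split on the last one.
        trustee, sep, right = line.rpartition(":")
        if sep and trustee:
            aces[trustee.strip()] = right.strip()
    return aces


def acl_drift(aces, baseline=BASELINE):
    """List every difference between the parsed ACL and the baseline."""
    findings = []
    for trustee, right in sorted(aces.items()):
        if trustee not in baseline:
            findings.append(f"unexpected: {trustee}:{right}")
        elif right != baseline[trustee]:
            findings.append(f"changed: {trustee} {baseline[trustee]} -> {right}")
    for trustee in sorted(baseline):
        if trustee not in aces:
            findings.append(f"missing: {trustee}:{baseline[trustee]}")
    return findings


if __name__ == "__main__":
    for label, out, path in (("before", BEFORE, BEFORE_PATH), ("after", AFTER, AFTER_PATH)):
        print(label, acl_drift(parse_cacls(out, path)) or "matches baseline")
```

Entries that Cacls.exe prints as multi-line special access lists are outside what this parser handles.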

309718 XADM: Account Operators Can Obtain Access to All of the Mailboxes

282496 XADM: Considerations and Best Practices When Resetting an Exchange Mailbox Database

For more information about security and Exchange 2000, view the following Microsoft Web sites:

About Access Control Lists

Security Operations Guide for Exchange 2000 Server

Keywords: kbbug kbpending kbui KB329597


© Microsoft Corporation. All rights reserved.