Microsoft KB Archive/251606
Article ID: 251606
Article Last Modified on 10/25/2007
- Microsoft Exchange Server 2003 Enterprise Edition
- Microsoft Exchange Server 2003 Standard Edition
- Microsoft Exchange 2000 Enterprise Server
- Microsoft Exchange 2000 Server Standard Edition
This article was previously published under Q251606
After a user creates a public folder, when you use Exchange System Manager or Microsoft Outlook to view the client permissions of the folder, the user appears as the owner of the public folder.
If you select the public folder in Exchange System Manager, click Properties, click the Permissions tab, and then click Client Permissions, you expect to find that the user is the owner of the public folder. However, you obtain the Microsoft Windows NT security descriptor for the owner instead of the MAPI permissions. The Windows NT security descriptor indicates that the Builtin\Administrators group is the owner of the object. If the server that is running Microsoft Exchange is a domain controller, the security descriptor indicates that the Domain\Administrators group is the owner of the object. Therefore, the Windows NT security descriptor appears to be incorrect.
The Windows NT security descriptor is designed to work in this way. On the Client Permissions tab, Owner is actually a set of rights. The owner in the Windows NT security descriptor is the name of the user who owns the object. If the user is a member of the Administrators group, the whole group is considered to be the owner of the object.
Using the Windows NT security descriptor to modify permissions on a public folder is the same as modifying the permissions through drive M. This practice is strongly discouraged because after you modify permissions in this manner, you cannot set client permissions for public folders by using Exchange System Manager or Outlook.
For additional information and a complete explanation of access control lists (ACL) on public folders in Microsoft Exchange 2000, click the following article number to view the article in the Microsoft Knowledge Base:
330508 Access control lists in Exchange public folders
Note By default, drive M does not exist in Microsoft Exchange Server 2003. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
821836 Drive M mapping to IFS is not present by default in Exchange Server 2003
Modifying the Windows NT security descriptor on permissions for Exchange 2000 public folders is the same as modifying the permissions by using Windows Explorer on drive M. For additional information about the problems that may occur when you modify the Windows NT Security Descriptor and how to resolve those problems, click the following article numbers to view the articles in the Microsoft Knowledge Base:
270905 XADM: Unable to set client permissions on public folders through Exchange System Manager
313333 XADM: Error message when you set permissions on public folders: Invalid Windows handle ID no: 80040102 Exchange System Manager
Additional query words: XADM ESM
Keywords: kbprb KB251606