Microsoft KB Archive/256131

From BetaArchive Wiki
Knowledge Base

Restricting users from creating top-level folders in Exchange 2000 Server

Article ID: 256131

Article Last Modified on 2/26/2007


  • Microsoft Exchange 2000 Server Standard Edition

This article was previously published under Q256131


By default, all users of Microsoft Exchange 2000 Server have permission to create top-level folders. You can set this extended right on the Security page of the properties of the organization container.


If you do not want to grant all users the permission to create top-level public folders, modify the permissions as follows:

  1. Open the properties of the Organization object, and then click the Security tab.

    NOTE: In order to display the Security Tab, you have to add the following registry entry:

    Open Regedt32.


    Click Edit, add Value, and then click DWORD value in the file menu.

    Type the value:


    and set the value to 1
  2. Click to clear the "allow" permission on the Everyone security principal for the "Create Top Level Public Folder" right.

NOTE: When a new Exchange server is added to an organization, the Everyone Security Principle permission to Create Top Level Public Folder is reset to "allow". Thus, after any new Exchange install into an Organization, you must click to clear the "Create Top Level Public Folder" right for Allow.

NOTE: Some rights take precedence over others. Specifically, "deny" has precedence over "allow," and "explicit permissions" has precedence over "inherited rights."

This behavior is consistent with Microsoft Exchange Server versions 4.x and 5.x. Everyone has the rights to create top-level folders by default.

Additional query words: XADM

Keywords: kbhowto KB256131