Friday, July 25, 2008

Grant permission to change permission on mailboxes

To change mailbox permission on an Exchange 2003 mailboxes you must have the Exchange Full Administrator right. In many organizations there is just a few people that have this right, but the need to change mailbox permission is quite big, often the need is to give Full mailbox access to a user on a mailbox that is unmonitored.

And there we have a conflict, do we trust helpdesk or a novice Exchange administrator to have the Full Exchange Administrator permission? probably not. So what can be done?

Luckily there is a way to grant the permission to change permission on mailboxes without being the big Exchange administrator, sort of.

Use Exchange Management Console, drill down to a mailbox database, right click and click properties and select the security tab, add the helpdesk group and select Allow only Change Permission and Administer Information Store.
Change Permission will inherit down to mailboxes. The helpdesk group must also have Active Directory permission to manage user account. This is done with normal AD delegation.
Unfortunately helpdesk group must also have Administer Information Store permission to get what we want. With this right they can also dismount and mount that database.

Two links that help you understand things better.
http://support.microsoft.com/kb/329236
http://technet.microsoft.com/en-us/library/bb124053.aspx

This is not the ideal solution, but if there is a need for setting mailbox permission without being Full Exchange Administrator, this solution can help.

Thursday, July 17, 2008

Automatic installation of Rollups with Exchange 2007

Have you ever gotten tired of applying Service Packs or hotfixes after you installed Exchange? With Exchange 2007 you can do this automatically.
Copy complete Exchange DVD to a folder and then copy the rollup fix to the updates folder. Finished result looks like this.

2008-05-02 19:26 DIR scripts
2008-05-02 19:26 DIR Setup
2008-05-02 19:30 DIR Updates
2007-11-27 09:29 21244928 exchangeserver.msi
2007-11-27 09:29 63 autorun.inf
2007-11-27 09:29 361472 setup.com
2007-11-27 09:29 9228 relnotes.htm
2007-11-27 09:29 519296 setup.exe


In the updates folder you have readme.txt plus the rollup patch file.

2008-07-16 18:14 35991040 Exchange2007-KB949870-x64-EN.msp
2007-11-27 09:30 60 readme.txt

so when you run setup and install Exchange, the setup process will automatically apply the patch in the updates folder.
Pretty slick if you ask me

Thursday, July 3, 2008

ISA server 2006 SP1 is released

Finally ISA 2006 SP1 is released to public. It contains many new features such as Diagnistic log viewing, Traffic Simulator, better NLB support, better Kerberos Constrained Delegation support, support for client cert authentication without domain join, Configure Change Tracking log, support for SAN certificates which is a big thing for Exchange 2007 and OCS 2007 servers.
Read these articles before installing http://support.microsoft.com/kb/885957
Here is the update http://www.microsoft.com/downloads/details.aspx?FamilyID=d2feca6d-81d7-430a-9b2d-b070a5f6ae50&DisplayLang=en