Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

The client permissions of a public folder show a different owner than you expect in Exchange 2000 and Exchange 2003


View products that this article applies to.

This article was previously published under Q251606

↑ Back to the top


Symptoms

After a user creates a public folder, when you use Exchange System Manager or Microsoft Outlook to view the client permissions of the folder, the user appears as the owner of the public folder.

If you select the public folder in Exchange System Manager, click Properties, click the Permissions tab, and then click Client Permissions, you expect to find that the user is the owner of the public folder. However, you obtain the Microsoft Windows NT security descriptor for the owner instead of the MAPI permissions. The Windows NT security descriptor indicates that the Builtin\Administrators group is the owner of the object. If the server that is running Microsoft Exchange is a domain controller, the security descriptor indicates that the Domain\Administrators group is the owner of the object. Therefore, the Windows NT security descriptor appears to be incorrect.

↑ Back to the top


Status

The Windows NT security descriptor is designed to work in this way. On the Client Permissions tab, Owner is actually a set of rights. The owner in the Windows NT security descriptor is the name of the user who owns the object. If the user is a member of the Administrators group, the whole group is considered to be the owner of the object.

↑ Back to the top


More information

Using the Windows NT security descriptor to modify permissions on a public folder is the same as modifying the permissions through drive M. This practice is strongly discouraged because after you modify permissions in this manner, you cannot set client permissions for public folders by using Exchange System Manager or Outlook.

For additional information and a complete explanation of access control lists (ACL) on public folders in Microsoft Exchange 2000, click the following article number to view the article in the Microsoft Knowledge Base:
330508� Access control lists in Exchange public folders


Note By default, drive M does not exist in Microsoft Exchange Server 2003. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
821836� Drive M mapping to IFS is not present by default in Exchange Server 2003


Modifying the Windows NT security descriptor on permissions for Exchange 2000 public folders is the same as modifying the permissions by using Windows Explorer on drive M. For additional information about the problems that may occur when you modify the Windows NT Security Descriptor and how to resolve those problems, click the following article numbers to view the articles in the Microsoft Knowledge Base:
270905� XADM: Unable to set client permissions on public folders through Exchange System Manager
313333� XADM: Error message when you set permissions on public folders: Invalid Windows handle ID no: 80040102 Exchange System Manager

↑ Back to the top


Keywords: KB251606, kbprb

↑ Back to the top

Article Info
Article ID : 251606
Revision : 8
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 496