How to: remove user permission from the create top-level public folder in Exchange 2000 and in Exchange 2003

To keep the number of public folder hierarchies in your organization to a manageable size, you can prevent users from creating top-level public folders. Because the Everyone group in Exchange is granted the Create top-level public folder permission by default, you must remove this permission manually.

Remove User Permission from the Create Top-Level Public Folder

There are two methods to remove this permission. In the first method, if you have purchased Exchange 2003, you may run the setup/forestprep command. The Exchange 2003 setup/forestprep command not only updates the schema; it also modifies permissions to the organization so that users who do not have administrator accounts cannot create top-level public folders. In the second method, if you have not purchased Exchange 2003, you can remove the top-level public folder creation permission manually. The process below discusses how to use Exchange System Manager in Exchange 2000 to remove the permission manually.

Note Even if you remove the Create top-level public folder permission at the organizational level through either of these two methods, the permission is restored when you add a new server that is running Exchange 2000 to the organization. If you add a new server that is running Exchange 2000, you must remove the permission manually at the organizational level again, or you must run the Exchange 2003 setup/forestprep command. To remove the permission manually by using Exchange System Manager, you must first add the ShowSecurityPage entry to the registry. When you add the ShowSecurityPage entry to the registry, the organization's Properties dialog box displays the Security tab. By default, the Security tab does not appear; therefore you must first add it.

Note For information about how to edit the registry, see "Change Keys and Values" in Help in Regedit.exe. In Help in Regedt32.exe, see "Add and Delete Information in the Registry" and "Edit Registry Information." If you are running Microsoft Windows NT or Microsoft Windows 2000, update your Emergency Repair Disk (ERD) also.

Add the ShowSecurityPage Entry to the Registry

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

1. Start Registry Editor: On the Start menu, click Run, type regedit, and then click OK.
2. Locate the following key in the registry:
   KEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin
3. To add the ShowSecurityPage DWORD value, click Edit, click New, and then click DWORD Value.
4. For the new value name, type: ShowSecurityPage
5. Double-click ShowSecurityPage, and then type 1 in Value data. Go to the next procedure.

Remove the Create Top-Level Public Folder Permission

1. Start System Manager: On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. Right-click the organization, and then click Properties.
3. Click the Security tab.
4. Under Name, click Everyone.
5. Under Permissions, scroll to Create top level public folder.
6. In the Allow column, click to clear the check box.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base: