A Note About Interpreting ACL Entries


In these tables, I've listed the rights by the names used on the ADSIEdit Security property page, under the Advanced view, on the View/Edit tab. The ADSIEdit Security property page lists a much more condensed view of the rights. The LDP tool displays the access control list (ACL) as a numerical value that you can interpret by referring to Table B-1. The setup code refers to the rights by predefined constants, which I've included because they're often referred to in other documents. Extended rights are custom rights specified by Exchange and other applications; they have no meaning to Microsoft Windows, but are stored and persisted just like other ACEs. It's up to each application to enforce extended rights based on the ACE contents it finds. Examples of Exchange extended rights are Create Public Folder and Create Named Properties in the Information Store.

Table B-1: Permission Names and Numerical Equivalents

| ADSIEdit Summary Page | ADSIEdit Advanced Page | Individual Rights | Mask Value in LDP |
|---|---|---|---|
| Full Control | Full Control | WRITE_OWNER, WRITE_DAC, READ_CONTROL, DELETE, ACTRL_DS_CONTROL_ACCESS, ACTRL_DS_LIST_OBJECT, ACTRL_DS_DELETE_TREE, ACTRL_DS_WRITE_PROP, ACTRL_DS_READ_PROP, ACTRL_DS_SELF, ACTRL_DS_LIST, ACTRL_DS_DELETE_CHILD, ACTRL_DS_CREATE_CHILD | 0x000F01FF |
| Read | List Contents plus Read All Properties plus Read Permissions | ACTRL_DS_LIST, ACTRL_DS_READ_PROP, READ_CONTROL | 0x00020014 |
| Write | Write All Properties plus All Validated Writes | ACTRL_DS_WRITE_PROP, ACTRL_DS_SELF | 0x00000028 |
| | List Contents | ACTRL_DS_LIST | 0x00000004 |
| | Read All Properties | ACTRL_DS_READ_PROP | 0x00000010 |
| | Write All Properties | ACTRL_DS_WRITE_PROP | 0x00000020 |
| | Delete | DELETE | 0x00010000 |
| | Delete Subtree | ACTRL_DS_DELETE_TREE | 0x00000040 |
| | Read Permissions | READ_CONTROL | 0x00020000 |
| | Modify Permissions | WRITE_DAC | 0x00040000 |
| | Modify Owner | WRITE_OWNER | 0x00080000 |
| | All Validated Writes | ACTRL_DS_SELF | 0x00000008 |
| | All Extended Rights | ACTRL_DS_CONTROL_ACCESS | 0x00000100 |
| Create All Child Objects | Create All Child Objects | ACTRL_DS_CREATE_CHILD | 0x00000001 |
| Delete All Child Objects | Delete All Child Objects | ACTRL_DS_DELETE_CHILD | 0x00000002 |
| | | ACTRL_DS_LIST_OBJECT | 0x00000080 |
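The mask interpretation described above can be automated. The following Python decoder is an added example, not code from the book or from the Exchange setup code: it splits an LDP mask value into the Table B-1 constants, names the summary-page permissions the mask fully contains, reports bits the table does not define, and compares an observed mask with an expected one. The helper names decode_mask and diff_masks are hypothetical, and the sample values are constructed.

```python
# Added example: decode an LDP access-mask value with the Table B-1 constants.
# decode_mask and diff_masks are hypothetical helper names, not a Microsoft API.
RIGHTS = {  # bit value -> constant name, copied from Table B-1
    0x00000001: "ACTRL_DS_CREATE_CHILD",
    0x00000002: "ACTRL_DS_DELETE_CHILD",
    0x00000004: "ACTRL_DS_LIST",
    0x00000008: "ACTRL_DS_SELF",
    0x00000010: "ACTRL_DS_READ_PROP",
    0x00000020: "ACTRL_DS_WRITE_PROP",
    0x00000040: "ACTRL_DS_DELETE_TREE",
    0x00000080: "ACTRL_DS_LIST_OBJECT",
    0x00000100: "ACTRL_DS_CONTROL_ACCESS",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
}
# Composite masks shown on the ADSIEdit summary page (Table B-1).
SUMMARY = {"Full Control": 0x000F01FF, "Read": 0x00020014, "Write": 0x00000028}
KNOWN_BITS = sum(RIGHTS)  # every bit is distinct, so the sum equals the OR


def decode_mask(value):
    """Split a mask (int or hex string such as '0x00020014') into its rights."""
    mask = int(value, 16) if isinstance(value, str) else int(value)
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError("access mask must be a 32-bit value")
    return {
        "mask": mask,
        "rights": [name for bit, name in sorted(RIGHTS.items()) if mask & bit],
        # Summary-page permissions whose bits are all present in the mask.
        "summary": [n for n, m in SUMMARY.items() if mask & m == m],
        # Bits that Table B-1 does not define; report them instead of guessing.
        "unknown_bits": mask & ~KNOWN_BITS,
    }


def diff_masks(observed, expected):
    """Rights present in one mask but not the other, for auditing an ACE."""
    o, e = decode_mask(observed)["mask"], decode_mask(expected)["mask"]
    return {"added": decode_mask(o & ~e)["rights"],
            "missing": decode_mask(e & ~o)["rights"]}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for sample in ("0x00020014", "0x000F01FF", "0x00100028"):
        print(sample, decode_mask(sample))
    print(diff_masks("0x000F01FF", "0x00020014"))
```
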

Permissions on Objects in the Exchange Configuration Tree

  • Table B-2. Permissions set on the Microsoft Exchange container

  • Table B-3. Permissions set on the ADC Connection Agreement container

  • Table B-4. Permissions set on the Organization container

  • Table B-5. Permissions set on the Address Lists container

  • Table B-6. Permissions set on the Addressing container

  • Table B-7. Permissions set on the Recipient Update Services container

  • Table B-8. Permissions set on individual administrative groups within the Administrative Groups container

  • Table B-9. Permissions set on the default top-level public folder hierarchy

  • Table B-10. Permissions set on the Connections container within each routing group

  • Table B-11. Permissions set on the Servers container within each routing group

Permissions on the Server Object and Its Children

  • Table B-12. Permissions set on the Server object

  • Table B-13. Permissions set on the server-specific Protocols container

  • Table B-14. Permissions set on the System Attendant object

  • Table B-15. Permissions set on the MTA object

Permissions on Other Objects in the Configuration Tree

  • Table B-16. Permissions set on the Deleted Items container (cn=Deleted Items,cn=Configuration,dc=domain)

  • Table B-17. Permissions set on the Active Directory Connector object (cn=Active Directory Connector,cn=Exchange Settings,cn=server,cn=Servers,cn=site,cn=sites,cn=Configuration, )

Permissions on Objects in the Domain Naming Context

  • Table B-18. Permissions set on the Domain container (dc=domain)

  • Table B-19. Permissions set on the domain proxy container (cn=Microsoft Exchange System Objects,dc=domain)

  • Table B-20. Permissions set on the Pre-Windows 2000 Compatible Access Group (cn=Pre-Windows 2000 Compatible Access,cn=Builtin,dc=domain)

  • Table B-21. Permissions set on the Exchange Enterprise Servers group

  • Table B-22. Permissions set on the Exchange Domain Servers group

Permissions Set on File System Objects

  • Table B-23. Permissions applied to installation directory

  • Table B-24. Permissions applied to mailroot directory

  • Table B-25. Permissions applied to Exchweb directory

  • Table B-26. Permissions applied to Exchweb\Bin directory

  • Table B-27. Permissions applied to Exchweb\Bin\Auth directory

  • Table B-28. Permissions applied to other Exchweb subdirectories




Secure Messaging with Microsoft Exchange Server 2003
Secure Messaging with Microsoft® Exchange Server 2003 (Pro-Other)
ISBN: 0735619905
EAN: 2147483647
Year: 2004
Pages: 189
