Recipe9.11.Controlling Who Can Create Top-Level Public Folders

Recipe 9.11. Controlling Who Can Create Top-Level Public Folders

Problem

You want to prevent random users from creating top-level public folders in your public folder hierarchy.

Solution

Using a graphical user interface

Launch the Exchange System Manager (Exchange System Manager.msc).
Right-click the Exchange organization object and select Properties.
Switch to the Security tab.
Find and select the Authenticated Users entry in the Group or user name list.
In the Permissions list, ensure that the Allow and Deny checkboxes for the Create top-level public folders permission are both cleared.
Repeat steps 4-5 for the Everyone and ANONYMOUS LOGON user tokens.
Click OK and click OK again.

Discussion

Exchange 5.5 and Exchange 2000 give all users the ability to create top-level public folders (e.g., folders that appear directly in the hierarchy, not as children of other folders). This was widely misused by people who thought it would be jolly good fun to create public folders for jokes, personal documents, and other miscellany; the resulting clutter turned many sites off to the benefits of public folders. Exchange Server 2003 limits top-level folder creation to administrators by default. However, Exchange 2000 installations don't have this same default setting. When you run Exchange Server 2003 forestprep, setup removes the permission to create top-level folders from the Everyone and ANONYMOUS LOGON user tokens on the organization object; this protects you whether you're doing a new installation or an upgrade. However, if you then install an Exchange 2000 server into the organization, Exchange 2000's setup utility will merrily reinstate those permissions, which means you'll need to go back and remove them again.