Recipe 9.11. Controlling Who Can Create Top-Level Public FoldersProblemYou want to prevent random users from creating top-level public folders in your public folder hierarchy. SolutionUsing a graphical user interface
DiscussionExchange 5.5 and Exchange 2000 give all users the ability to create top-level public folders (e.g., folders that appear directly in the hierarchy, not as children of other folders). This was widely misused by people who thought it would be jolly good fun to create public folders for jokes, personal documents, and other miscellany; the resulting clutter turned many sites off to the benefits of public folders. Exchange Server 2003 limits top-level folder creation to administrators by default. However, Exchange 2000 installations don't have this same default setting. When you run Exchange Server 2003 forestprep, setup removes the permission to create top-level folders from the Everyone and ANONYMOUS LOGON user tokens on the organization object; this protects you whether you're doing a new installation or an upgrade. However, if you then install an Exchange 2000 server into the organization, Exchange 2000's setup utility will merrily reinstate those permissions, which means you'll need to go back and remove them again. See AlsoRecipe 2.4 for running Exchange forestprep, and MS KB 822576 ("Allow Create Top Level Public Folder" Access Control Entry for the Exchange Organization Container Unexpectedly Includes the Everyone and the Anonymous Logon Groups) |