quinta-feira, 7 de junho de 2012 02:37
Proabaly being over cautious here but it's one I don't want to do wrong. My Exchange 2007 (migrated from Ex2003) reports thsi error when running the Exchange Best Practice Analyzer:
Access control list (ACL) inheritance is blocked for the Exchange Organization object (CN=CHC,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CHC,DC=LAN). This may cause mail flow problems, store mounting issues and other service outages. Follow Microsoft Knowledge Base article 264733 and use the Exchange System Manager to re-enable inheritance on this object.
I know what needs to be done but am I runnign any risk doing this?
Exchange works fine as is.
Todas as Respostas
quinta-feira, 7 de junho de 2012 14:53
It won't cause any issues, if inheritance has only have been removed.
Make sure. no other permission changes have been made , for anyother convenience.
Like "deny" for any security group below the "CHC"
Open Configuration Partition. Just go this location ,,
See location from left to right
--Properties of CHC - security - Advanced - Inheritance check should not be there .
It will be there for all other objects
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog:http://www.careexchange.in | Please mark it as an answer if it really helps you
- Marcado como Resposta healthyCamper sexta-feira, 15 de junho de 2012 21:25
quinta-feira, 7 de junho de 2012 21:02
There are a number of explicit DENY permissions, but I don't have another Ex2007 to check them against to swee if they're the 'norm'. I think the reason inheritance was removed was for GFI MailEssentials as there's an account named 'GFI' added at this level, which couldn't have been unless Inheritance was removed.
Are these normal permissions at this level?
sexta-feira, 8 de junho de 2012 05:59Moderador
I suggest you go to enable inheritance for permissions on Organization object.
Here is a related document for you:
Permissions inheritance block on configuration object
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact email@example.com
TechNet Community Support
segunda-feira, 11 de junho de 2012 02:48Moderador
segunda-feira, 11 de junho de 2012 02:51Hi Evan, Will be doing this weekend to allow back-out time just in case. Not in office this week.
sexta-feira, 15 de junho de 2012 21:26
Happy to say my paranoia ill-founded. Change made, server restarted and no issues to report plus a nicer looking ExBPA