Strict Split Permission Security Model In Exchange 2010 SP1 Beta Setup…

by Rajith Jose Enchiparambil on July 2, 2010

Pin It

Microsoft has introduced a new option as part of the Exchange 2010 SP1 Beta setup, configuring strict split permission security model. Applying this feature is optional though.

Strict split permission

The strict split permission security model is aimed at large organizations, where there are different teams for Active Directory and Exchange. Applying this security model removes the ability for Exchange administrators to create AD objects such as users, groups and contacts. The ability to manage non-Exchange attributes on those objects will also be removed.

You shouldn’t apply this security policy model if you don’t have separate teams or specific requirement to have a split permission model. Large organizations will welcome this option as the AD team will be able to create the AD objects following their naming standards and the Exchange team can configure the mail attributes.

This option is only available for a vanilla installation of Exchange 2010 SP1 Beta (not in 2010 RTM upgrade to SP1 Beta).

SUBSCRIBE FOR DAILY ARTICLE UPDATES VIA EMAIL
Get the published articles delivered straight to your inbox. Your details will not be passed to any third party company.

Exchange Architect, Blogger, Husband & Dad. I have been in IT for the last 11 years, with Exchange Server becoming the prime area in the last few years. I am active on TechNet forums & Experts Exchange.

View all contributions by

  • How To Find Which Store Worker Process Is Responsible For A Mailbox Database In Exchange 2013

    Exchange 2013 has a new store named the Managed Store. In order to provide failure isolation in the database level in 2013, Microsoft has introduced two new processes as part of the managed store concept. First is the Store Worker Process(Microsoft.Exchange.Store.Worker.Exe) which does the same job that store.exe handled in previous versions. The only difference [...]

    Read More

  • Upload GAL Photos Using Exchange 2013 OWA Options (ECP)

    The “self service” option in OWA 2013 (ECP) has been enhanced with the option for uploading GAL photo by the end user. In Exchange 2010 ECP, end users were able to edit their contact details, address etc depending on the role assignment policy. In Exchange 2013 ECP ( OWA –> Options), the end user can [...]

    Read More

  • OWA 2013 Virtual Directory Displays The OWA Version As Exchange 2010

    A bug or typo in the code? While browsing the EAC, I noticed that the OWA virtual directory displays that the OWA Version as Exchange 2010 & not 2013. This happens in an Exchange 2013 only environment. The Shell displays the same info. MS, Is it a bug in the code or a typo?

    Read More

  • 2 Million Hits & 2.67 Million Page Views

    Yes, HowExchangeWorks has had 2 Million Hits & 2.67 Million page views so far! I take this opportunity to thank all my readers for your continuous support. I couldn’t have done this without you guys.

    Read More

  • Exchange 2013 Server Role Requirements Calculator v5.1

    Exchange Team has finally released the first public version of the 2013 Server Role Requirements Calculator. The name has been changed as the calculator now makes recommendations for both the Mailbox and CAS roles. If anyone out there is still confused, this is the 2013 equivalent of the 2010 Storage Calculator. The look and feel [...]

    Read More

1 comment… add one

  • Deepak Khandelwal July 5, 2010 at 3:37 pm

    Thanks for sharing. I did not realise it is not availble for upgrade from RTM. Bit of a limitation for organisation who already have started with 2010.. I thought the feature is very useful and give admin more control on delegating the access.

    Reply edit

Speak Your Mind…

Website Hits