Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
XADM: Information Store Does Not Set Permissions Correctly on Public Web Store Folders
Article ID: 296937 - View products that this article applies to.
This article was previously published under Q296937
Permissions on public Web store folders may be changed when a new user is added and granted all permissions. The user may lose Owner, Deleted Child, and Contacts capabilities. This affects not only the new user, but also other users that had full inherited permissions on that folder.
This problem occurs because certain rights are not applicable to the Exchange 2000 information store security model. When an administrator uses Exchange System Manager to assign these rights to a user, the information store does not update the Access Control Entry (ACE) for these rights. The information store also evaluates the inherited rights for other users on the object, and then updates the ACE to indicate only the applicable rights. As a result, the full permissions ACE is changed to special permissions.
The following rights are not applicable to the Exchange 2000 information store security model:
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/301378/EN-US/ )XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 2.
In Exchange 2000, the information store uses the Windows NT security model, instead of using its own security model. Access checking in Exchange 2000 is performed by using Windows NT functions and objects. As a result, there are instances in which Windows NT orders ACEs in one way, but Exchange 2000 uses a different ordering scheme so that the ACEs behave in the same manner that they did in earlier versions of Exchange Server.
The Microsoft Web Storage System software development kit (SDK) also documents this functionality.