Because event scripting uses Microsoft Exchange objects, the level of Microsoft Exchange permissions for scripts is important. But because non-Microsoft Exchange objects can also be used, Microsoft Windows NT permissions are important as well. This section discusses both types of permissions.
The Microsoft Exchange Scripting Agent creates a CDO session based on the mailbox identity of the script author. This means that it has Microsoft Exchange Server permissions equal to those of the script author when accessing objects within the CDO session.
Typically, the Microsoft Exchange Scripting Agent runs on the Microsoft Exchange site service account, whose Windows NT permissions match those of basic Microsoft Exchange components such as the directory service and the information store. This means that the agent has the same broad powers on the system as Microsoft Exchange Server itself. The agent can, for example, open any recipient's mailbox. (In fact, it does open the mailbox of the script author, in order to determine that person's Microsoft Exchange Server identity.)
For this reason, unless you use Microsoft Transaction Server (MTS) as described in the following section, you should only allow trusted developers to create and bind scripts that run on your Exchange Servers. For information on granting permissions to run scripts on your servers, see Chapter 6, "Configuring Public Folders," in the Microsoft Exchange Server (version 5.5) Getting Started Guide.
See the Microsoft Exchange Server 5.5 Release Notes for details on how to use MTS as a process manager for running your scripts under a particular Windows NT security account (for example, as the IUSER_MACHINE account that is created for IIS anonymous logons). MTS is available as a component of Microsoft Internet Information Server (IIS) version 4.0.