When Microsoft Exchange Server is installed, Setup creates several shared directories so that other Microsoft Exchange Server computers can have access to the files in the directories. By default, Setup sets permissions for these directories that are usually sufficient for most organizations. However, you can change the permissions if those default permissions do not give the files enough protection against attacks by unauthorized users.
Caution Change permissions on these directories only if it is necessary because the changes could damage your Microsoft Exchange Server system.
Setup creates the shared directories shown in the following table.
Directory | Description |
Add-ins | Contains files that the Microsoft Exchange Server Administrator program uses to display information about connectors. This directory is shared as Add-ins. |
Address | Contains files for creating e-mail addresses. This directory is shared as Address. |
Connect | Contains files for Microsoft Exchange Server connectors. This directory is a hidden share that is shared as connect$. |
Connect\Msmcon\Maildata | Contains files used for Microsoft Mail. This is a hidden share that is available only if the Microsoft Mail Connector is installed. It is shared as maildat$. |
Res | Contains files, such as logs for Event Viewer and Microsoft Windows NT Performance Monitor, used by the local computer and remote computers. This directory is shared as resources. |
Tracking.log | Contains files used for message tracking. This directory is shared as tracking.log. |
The permissions granted to these directories are shown in the following table.
Permission | Type of access |
Everyone | Read (except for Maildata, which has full control) |
Service account | Full control |
Local administrators | Full control |
To restrict access to the shared directories, remove the Everyone permission and grant permissions to specific accounts using File Manager. Use the following guidelines for restricting access on shared directories: