What is more important to your environment? Logging or prevention? Or do they have equal weight?
Everything an admin does is logged in Exchange 2010 (look up admin audit logging). If you need to PREVENT, then you'll also need to create scoped RBAC.

From: Stu Packett [mailto:[email protected]]
Sent: Saturday, June 02, 2012 4:19 PM
To: MS-Exchange Admin Issues
Subject: RBAC - Recipient Management Role group

I'm helping a company with about 20 sites migrate to Exchange 2010 (from 2003). Each site has their own set of admins and help desk, but every single one of them is an Exchange Admin in 2003. Management and the lead Exchange engineer want to implement RBAC for the obvious reasons. I suggested the Recipient Management role group for everyone, which should allow them to do their normal tasks that they're doing now, but not allow them to make changes to the Exchange configuration.

Do most of you just keep the default Recipient Management role group, or do you create a new role group based off it and make changes? If you do make changes, what changes and why?

Thanks in advance and any other suggestions would be welcomed.

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe exchangelist
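
As an added example for the thread above (not from either poster): one way to build per-site copies of the Recipient Management role group, each write-scoped to that site's OU, and then check audit logging. The site names, the `contoso.com/Sites/...` OU paths and the group naming scheme are assumptions.

```powershell
# Run in the Exchange Management Shell as a member of Organization Management.
# Constructed sample data: site names and OU paths are placeholders.
$sites = @{
    'SiteA' = 'contoso.com/Sites/SiteA'
    'SiteB' = 'contoso.com/Sites/SiteB'
}

# Reuse the roles held by the built-in group instead of listing them by hand,
# so each site group starts with the same task set as Recipient Management.
$template = Get-RoleGroup 'Recipient Management'

foreach ($site in $sites.GetEnumerator()) {
    $name = "Recipient Management - $($site.Key)"   # hypothetical naming scheme

    # Skip groups that already exist so the script can be re-run safely.
    if (Get-RoleGroup $name -ErrorAction SilentlyContinue) { continue }

    # The OU scope limits write access to recipients under that site's OU;
    # members can still read recipients elsewhere but cannot modify them.
    New-RoleGroup -Name $name `
        -Roles $template.Roles `
        -RecipientOrganizationalUnitScope $site.Value `
        -Description "Recipient tasks limited to $($site.Value)"

    # Review the assignments that were created and the scope applied to each.
    Get-ManagementRoleAssignment -RoleAssignee $name |
        Format-Table Name, Role, RecipientWriteScope, CustomRecipientWriteScope -AutoSize
}

# Logging side: confirm admin audit logging is on and which cmdlets it covers.
Get-AdminAuditLogConfig | Format-List AdminAuditLogEnabled, AdminAuditLogCmdlets

# Search-AdminAuditLog requires Exchange 2010 SP1 or later.
# List role group changes made in the last 7 days.
Search-AdminAuditLog -Cmdlets New-RoleGroup, Add-RoleGroupMember, Remove-RoleGroupMember `
    -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) |
    Format-Table RunDate, Caller, CmdletName, ObjectModified -AutoSize
```

Site admins are then added with `Add-RoleGroupMember` to their own site's group only, and the built-in Recipient Management group is left without members.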
