Because of the fact that the Community Technology Preview (CTP) build of Exchange 2003 SP2 is now available, we wanted to mention a permissions requirement for the FIRST SP2 installation into the organization.
With Exchange Server 2003 Service Pack 2, we have made a slight change in the way setup functions. As you may recall with Exchange Server 2003 Service Pack 1, you only needed the following rights to complete the installation:
· Exchange Administrator role on the administration group where the Exchange Server 2003 server exists.
· Member of the local Administrators group on the target Exchange Server 2003 server.
With Exchange Server 2003 Service Pack 2, we now include the Intelligent Message Filter; it is no longer a separate add-on to Exchange. As a result, we have to create an object within the Active Directory to store the IMF settings (if it does not already exist):
cn=UCE Content Filter,cn=Message Delivery,cn=Global Settings,cn=<ORG NAME>,cn=Microsoft Exchange,cn=Services,cn=configuration,dc=<Domain Name>
In order to be able to create and validate that object, the following right is needed:
- Exchange Administrator (or higher) on the Organization level
The first time you attempt to upgrade an Exchange Server 2003 RTM/SP1 server in your organization to Service Pack 2, setup will check permissions of currently logged on user and ensure that it has the necessary rights to create the above object. If the necessary rights are missing, the following warning will be displayed:
The part of the popup that applies to the permissions issue is:
This service pack requires Exchange Administrator permissions at the organization level the first time it is applied in an Exchange organization. Subsequent installs of this service pack in the same organization require Exchange Administrator permissions at the administrative group level only.
After the first upgrade completes successfully, setup will check for the existence of the above AD object and allow customers to proceed with a more restricted permission set (i.e. Exchange Administrator role at the administrative group or higher, as per original permission requirements). So those elevated rights are needed only for the first Exchange 2003 SP2 installation in the Organization.
If the "UCE Content Filter" Active Directory object is not present in the AD, the IMF tab will not be visible in ESM Message Delivery properties.