Buenos días mis amigos (live from Santiago/Chile)
In Today’s post (actually we are going to have two) I would like to go over the simple process to create a shared folder to support EAC. You may find that useful when playing with certificates and PST Import/Export process (that is the topic of Today’s second post).
Before getting to the technical side and creating the share I would like to point out a couple of recommendations, as follows:
- The Shared folder can be created on any server however I would recommend to create it on an Exchange Server for the sake of simplicity and also you guarantee that your Exchange administrator has all its requirements in the same set of servers where he works.
- Bear in mind the size of the disk where you are creating the folder, especially if you are going to work with several PSTs, in that case a separate disk could be helpful.
First step is to create a folder and I’m going to call it ExUtil on the desired drive and then click on properties of this new folder and go to the Sharing tab. Let’s hide this folder by adding $ at the end of its name, so the Share name will be ExUtil$, make sure that you check the option Share this folder.
Let’s click on Permissions and here it’s up to you and your company policy. You can be very restrictive and make sure that you match all permissions that we are going to add on the NTFS (next sentence) or you can go and configure Everyone with Full Control. Since I’m going to secure my lab on the NTFS side I went to the second strategy.
Let’s click on OK, and then let’s click on Security tab.
Let’s click on Advanced button, and then on the new Block inheritance dialog box, let’s click on the first option which is Convert inherited permissions into explicit permissions on this object and then click OK.
Now that the inheritance was broken, we can click on Edit (we continue on the Security tab), and let’s remove Users and let’s add Exchange Trusted Subystem with Full Control permissions assigned to it. You may want to add any other group that is responsible to import/export PSTs in case they are not administrators, but you got the idea, right?
Done deal! Now, you can always use \\servername\ExUtil$ to manage your certificates, PSTs and so forth.