03 Mar 2010 01:03:46 am
When designing/deploying Exchange within a dispersed environment with segregated Exchange or Active Directory administration it’s important to consider the functionality of Role Based Access Control (RBAC) within Exchange and the function of the Trusted Subsystem. This is directly applicable to how ‘Local Administrators’ are defined for all Exchange Servers within the environment.
As you’ll find, commands that are executed in either the Exchange Management Shell or the Exchange Management Console are not executed under the security context of your user account. Instead, the RBAC components of Exchange take each command and evaluate it against the Role Group(s) that you have been assigned and any policies that have been granted. If you are authorized, the command is then executed against Windows, AD or Exchange under the security context of the Exchange server, a member of the “Exchange Trusted Subsystem”.
The Exchange Trusted Subsystem is a highly privileged universal security group that has access to read or modify all Exchange related objects and attributes within Active Directory, effectively making the Exchange Trusted Subsystem an organization-wide Exchange super user. Because of this, local administrator privileges over all of your Exchange servers should be restricted to only the most trusted administrators in your organization.
Effectively speaking, this means that anyone who has local administrator privileges over a single Exchange server within your organization should be considered, by extension, a full Exchange Organization Administrator as well as a Local Administrator on all other Exchange servers.
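
Because local Administrators on any one Exchange server inherit that reach, a periodic audit of the local Administrators group on every Exchange server is worth scripting. The following is an added example, not code from the original post; the `$ApprovedAdmins` allow-list and the `CONTOSO` names are hypothetical placeholders, and the script assumes it is run from the Exchange Management Shell by an account that can query each server.

```powershell
# Hypothetical allow-list of principals permitted to be local Administrators
# on Exchange servers. Replace with your own tightly scoped groups.
$ApprovedAdmins = @(
    'CONTOSO\Domain Admins',
    'CONTOSO\Exchange-Server-Admins'
)

function Get-LocalAdministrators {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # The WinNT ADSI provider exposes the local SAM groups of a remote machine.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        # Members come back as COM objects; read ADsPath through reflection.
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # WinNT://DOMAIN/name becomes DOMAIN\name (local accounts keep the machine name).
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

# Get-ExchangeServer enumerates every Exchange server in the organization.
$findings = foreach ($server in Get-ExchangeServer) {
    try {
        foreach ($account in Get-LocalAdministrators -ComputerName $server.Name) {
            if ($ApprovedAdmins -notcontains $account) {
                New-Object PSObject -Property @{
                    Server  = $server.Name
                    Account = $account
                }
            }
        }
    }
    catch {
        # A server that cannot be queried is itself a finding, not a pass.
        New-Object PSObject -Property @{
            Server  = $server.Name
            Account = "QUERY FAILED: $($_.Exception.Message)"
        }
    }
}

# Every row is a principal that effectively holds organization-wide Exchange rights.
$findings | Sort-Object Server, Account | Format-Table Server, Account -AutoSize
```

The script lists direct members only, so any domain group it reports (approved or not) should have its own membership reviewed as well.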