Script Director Permissions

When you run the Script Director Installation Wizard, you are using a very powerful tool that can access both mailboxes and folders in the public information store. If you are installing forms or scripts to public folders, you can only install these items if you are the owner of the folder. Additionally, the mailbox that belongs to the folder owner must also have Author permission or above on the hidden EventConfig_<ServerName> folder if you plan to install scripts or routing agents on that folder. If you plan to install Scripts on mailbox folders, the target mailbox itself must have Author or above permission on EventConfig_<ServerName>. You should later revoke this permission if you want to prevent the mailbox owner from modifying Exchange Server scripting agents. The installed agents will still execute even though the mailbox owner no longer has permission to modify the agents. If you plan to run Exchange 5.5 event scripts on an Exchange 2000 server, please consult the following KB articles:

XCCC: Items Unavailable on the Agents Tab When You Administer Events Scripts (Q298442)

XCLN: Agents Tab Missing in Outlook Inbox Properties (Q247839)

If you plan to use the Installed Forms and Installed Scripts reporting capability of Script Director for mailboxes, you will also need to create a Script Director NT Account that has Mailbox Owner rights on the Recipients container. The privileges for reporting and installation/deletion are equivalent from the perspective of Script Director.

The following table shows the permissions required for the correct operation of the Script Director Installation Wizard.

To set permissions on EventConfig_<ServerName>

1. Start the Exchange 5.5 Administrator program. If you are using Exchange 2000 server, please see XCCC: Items Unavailable on the Agents Tab When You Administer Events Scripts (Q298442) for the correct steps to set permissions.

1. Navigate to Events Root under System Folders. Open the node for Events Root and click the EventConfig folder for the Exchange server on which the scripts will run. See the illustration below.

3. Select Properties... from the File menu.

4. Click the Client Permissions button on the General tab.

5. Click the Add button to add the mailbox from the Global Address List to the permissions list.

6. Set the Roles drop-down to Author as shown in the illustration below.

7. Click OK twice to accept your changes.

To set Mailbox Owner rights for the Script Director NT Account

In order to open mailboxes that are not in the profile of the logged-on Script Director user and install scripts and forms, Script Director must use the ability of designated NT accounts to open a mailbox even though that NT account is not the primary Windows NT account for the mailbox. An NT account with this power is typically known as the Exchange Service Account. You can add additional NT accounts with a lesser rights mask to to the Recipients container in the Exchange Administrator program.

1. Start the Exchange Administrator program

2. Navigate to the Recipients container object in your Site.

3. Select Properties... from the File menu.

4. Click the Permissions tab.

5. Click the Add... button on the Permissions tab.

6. After you select the NT account that will have Mailbox Owner rights in the Recipients container, Click Add in the Add Users and Groups dialog box.

7. Click OK.

8. Select the NT account you just added in and then clear all the Rights in the Rights list box except for Mailbox Owner as shown in the illustration below.
   
   

9. Click OK to accept your changes.