Exchange Server

Conflicting Store Policies

Conflicting Store System Policies in Exchange 2003

Exchange Server 2000/2003 allows the Exchange Administrator to set store settings by directly editing the store’s properties, or by creating and working with Store System Policies (read Working with Store Policies for more info).

When you’re set System Policies and configured them to apply for specific stores (may these stores be Mailbox Stores or Public Folder Stores, it makes no difference), these stores will immediately "inherit" the policy’s settings. This is not regular inheritance, like in NTFS or AD permissions, but the effect is almost similar.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

There are times when you might need to configure more than one policy. For example one policy for mailbox limits, and another for Full Text Indexing settings. You can easily follow the outlines in the Working with Store Policies article to configure multiple policies. However, you cannot apply more than one policy with the same exact settings tab in them for a Mailbox or Public Folder Store.

For example, if you have one Mailbox Store Policy for the Limits tab in place, and you want to create another Mailbox Store Policy for the Full Text Indexing tab and apply it to the same Mailbox Stores – that’s fine. However you cannot apply another Mailbox Store Policy with the same Limits tab to any of the Mailbox Stores affected by the first Mailbox Store Policy.

First Policy, its settings,and the Mailbox Stores linked to it:

Second Policy, its settings, and no Mailbox Stores linked to it:

If you try to apply the VIP MBX Store Policy on the HR MBX Store that is currently affected by the first MBX Store Policy you will get the following warining:

If you answer Yes, the HR MBX Store will be added to the list on the right pane, but will be removed from the list for the first policy:

However, when you remove the store from the list, it will still hold the settings that were applied to it by the policy, therefore you will need to manually edit the store’s settings in order to return them to either the default settings, or to whatever settings you wanted to configure. Read Removing Store Policies for more info.

You’ll note that the selected tab not grayed out, however it still holds the exact settings that were being applied to it by the policy. You can now edit these settings.

So, as a conclusion, any store settings tab can only be influenced by one Store Policy.

You could use this behavior to solve another issue (as described in Removing Store Policies):

If you have tens and hundreds of stores and now you wanted to remove many of them from the policies influence you would now be forced to manually edit all of them and return their settings to whatever setting you require.

However there is another way to "return" the affected stores’ settings back to whatever setting they had before being influenced by the store policy. You can simply create a new policy, lets call it "Default MBX Store Policy". In it configure the right settings tabs with the right settings (follow the guidelines found in Working with Store Policies). After that just apply the new policy to the stores you wish to return to default. Because a conflict cannot be allowed, the stores will be removed from the list on their original policy, and be affected by the new policy. After checking that the new, default settings were applied to the stores, you can simply follow Removing Store Policies to remove the policy.

Related articles

You might also want to read the following related articles:

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: