Problem solve Get help with specific problems with your technologies, process and projects.

Modifying public folder ACLs

PFDavAdmin is a powerful tool that allows administrators to modify access control lists (ACLs) on Exchange public folders.

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange...

or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.

Microsoft's Product Support Services Team has developed a number of useful utilities for performing advanced Exchange recovery and management tasks. One of the newer -- and most powerful -- is PFDavAdmin, a tool that allows administrators to modify access control lists (ACLs) on Exchange public folders.

This program can be helpful in a variety of circumstances, not the least of which being when someone mistakenly messes with permissions on the M: drive (i.e., the automatically mapped drive that represents Exchange's store in a files-and-folders format). It's also handy if you want to create custom ACLs to specific items.

Keep in mind that any attempt to edit ACLs directly can be very dangerous and should only be done when absolutely warranted.

PFDavAdmin allows you to:

  • Modify folder permissions in the MAPI tree.
  • Selectively propagate permissions (so that you can preserve other downstream changes in the ACL).
  • Fix damaged ACLs.
  • Import, export and propagate replica lists.
  • Repair roles.
  • Add, edit and remove item-level permissions.
  • Check for event registrations.
  • Generate reports on ACLs.
  • Import and export ACL information en masse via XML.

    Note that this program accesses the Exchange store via WebDAV, so bulk operations in Exchange 2000 will not be very fast, especially if you are modifying thousands of objects. (Modifying an Exchange 2003 store should be much faster.)

    PFDavAdmin runs on Windows 2000, Windows XP Professional and Windows 2003 Server. It requires.NET Framework 1.1 or higher, and the computer running it must be a member of the same forest as the Exchange server that will be modified.

    You must be logged on as an Exchange administrator to use the tool. Also, be sure to read the included documentation to avoid any unwanted "gotchas."

    PFDavAdmin can be downloaded here.

    About the author: Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter and a regular contributor to

    Do you have comments on this tip? Let us know.
  • Dig Deeper on Exchange Server setup and troubleshooting