Deep Traversal ExOLEDB Search Requires Administrator Permissions (309821)

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this problem, when you use ExOLEDB on SharePoint Portal Server to perform deep traversals directly, you must open write access to the root folder of the top-level hierarchy (TLH). This procedure provides administrative rights to those users that want to run the deep traversals.

To open access to the root folder of the TLH, perform the following steps:

Stop the Web store.
Set the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\[MACHINE]\Public-[mdbGUID]\Database Security Descriptor
To override the defaults, create a self-relative security descriptor that contains the discretionary access control list (DACL) you want as the default. Transfer the entire buffer that holds the SECURITY_DESCRIPTOR structure to the REG_BINARY value for this registry key.

NOTE: This security descriptor should not be in Exchange Server transfer encoded format. The security descriptor should be a standard Microsoft Windows NT security descriptor.
Restart the Web store.

Deep Traversal ExOLEDB Search Requires Administrator Permissions (309821)

SYMPTOMS

CAUSE

RESOLUTION

STATUS