If required, you can add the permissions at the Organization or Administrative Group level in the Exchange hierarchy. This will enable the permissions to be propagated automatically to any new Exchange Servers added below the level at which the permissions are assigned.
To assign the permissions at Organization or Administrative Group level (Exchange Server 2000 or 2003)
Enable the display of the Security page by configuring the ShowSecurityPage registry setting (see Microsoft Knowledge Base article 883381).
In the left-hand pane of Microsoft Exchange, System Manager, right-click your Exchange Organization or the administrative group that you want, and select Properties.
Select the Security tab and set the required permissions for the Vault Service account, as described in the steps for individual Exchange Servers.
To assign the permissions at Organization or Administrative Group level (Exchange Server 2007)
To assign permissions at Exchange Organization level, expand the tree in adsiedit.msc as follows:
Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]
To assign permissions at Administrative Group level, expand the tree as follows:
Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]/CN=Administrative Groups/CN=Exchange Administrative Group(FYDIBOHF23SPDLT)
Add the Vault Service account and grant this account Full Control.