Exchange 2003 Prevent users from modifying distribution lists

Posted on 2006-04-12
Last Modified: 2007-12-19
I'm running Exchange 2003 SP1 and I've been having a problem where users are modifying distribution lists in the GAL. I'm pretty convinced it's a permissions issue, because most (not all) users can do it - the rest of them get a security error. I've created new users and placed them randomly across the AD and they are able to modify the DLs.

None of the distribution lists have owners assigned and should only be managed by the Exchange admins. It's becoming quite a sticky issue since Exchange has a habit of "promoting" distribution groups to security groups. Our users should definitely stay away from that!

I don't see any security tabs on the distribution group objects themselves. The Security tab on the Default Global Address List Properties in Exchange System Manager shows the list of the user names. Groups like "Everyone" and "Authenticated Users" are in the list, but they do not have any permissions assigned (nothing checked). Where else can I go to prevent users form modifiying the DLs?
Question by:boylewong
    LVL 74

    Accepted Solution

    If the OU which contains the Distribution Lists has delegated control to a particular group of users, then this would allow such behavior.

    If you want to review this open up the Group Policy Manager and review the Delegation permissions of the OU's in question.  Click on Advanced... and then Advanced... again to see the detailed permissions of the object.


    Author Comment

    It was buried deep, but I think that was the place they were hiding. Fantastic! Now I can rest knowing everyone will continue to pester the Exchange admin to modify the groups instead of taking matters into their hands. Thanks!
    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    No problem!


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Email statistics and Mailbox database quotas You might have an interest in attaining information such as mailbox details, mailbox statistics and mailbox database details from Exchange server. At that point, knowing how to retrieve this information …
    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now