Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 501
  • Last Modified:

Exchange 2003 Prevent users from modifying distribution lists

I'm running Exchange 2003 SP1 and I've been having a problem where users are modifying distribution lists in the GAL. I'm pretty convinced it's a permissions issue, because most (not all) users can do it - the rest of them get a security error. I've created new users and placed them randomly across the AD and they are able to modify the DLs.

None of the distribution lists have owners assigned and should only be managed by the Exchange admins. It's becoming quite a sticky issue since Exchange has a habit of "promoting" distribution groups to security groups. Our users should definitely stay away from that!

I don't see any security tabs on the distribution group objects themselves. The Security tab on the Default Global Address List Properties in Exchange System Manager shows the list of the user names. Groups like "Everyone" and "Authenticated Users" are in the list, but they do not have any permissions assigned (nothing checked). Where else can I go to prevent users form modifiying the DLs?
0
boylewong
Asked:
boylewong
  • 2
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
If the OU which contains the Distribution Lists has delegated control to a particular group of users, then this would allow such behavior.

If you want to review this open up the Group Policy Manager and review the Delegation permissions of the OU's in question.  Click on Advanced... and then Advanced... again to see the detailed permissions of the object.

Jeff
TechSoEasy
0
 
boylewongAuthor Commented:
It was buried deep, but I think that was the place they were hiding. Fantastic! Now I can rest knowing everyone will continue to pester the Exchange admin to modify the groups instead of taking matters into their hands. Thanks!
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
No problem!

Jeff
TechSoEasy
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now