Exchange 2003 Prevent users from modifying distribution lists

I'm running Exchange 2003 SP1 and I've been having a problem where users are modifying distribution lists in the GAL. I'm pretty convinced it's a permissions issue, because most (not all) users can do it - the rest of them get a security error. I've created new users and placed them randomly across the AD and they are able to modify the DLs.

None of the distribution lists have owners assigned and should only be managed by the Exchange admins. It's becoming quite a sticky issue since Exchange has a habit of "promoting" distribution groups to security groups. Our users should definitely stay away from that!

I don't see any security tabs on the distribution group objects themselves. The Security tab on the Default Global Address List Properties in Exchange System Manager shows the list of the user names. Groups like "Everyone" and "Authenticated Users" are in the list, but they do not have any permissions assigned (nothing checked). Where else can I go to prevent users form modifiying the DLs?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
If the OU which contains the Distribution Lists has delegated control to a particular group of users, then this would allow such behavior.

If you want to review this open up the Group Policy Manager and review the Delegation permissions of the OU's in question.  Click on Advanced... and then Advanced... again to see the detailed permissions of the object.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
boylewongAuthor Commented:
It was buried deep, but I think that was the place they were hiding. Fantastic! Now I can rest knowing everyone will continue to pester the Exchange admin to modify the groups instead of taking matters into their hands. Thanks!
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
No problem!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.