I'm running Exchange 2003 SP1 and I've been having a problem where users are modifying distribution lists in the GAL. I'm pretty convinced it's a permissions issue, because most (not all) users can do it - the rest of them get a security error. I've created new users and placed them randomly across the AD and they are able to modify the DLs.
None of the distribution lists have owners assigned and should only be managed by the Exchange admins. It's becoming quite a sticky issue since Exchange has a habit of "promoting" distribution groups to security groups. Our users should definitely stay away from that!
I don't see any security tabs on the distribution group objects themselves. The Security tab on the Default Global Address List Properties in Exchange System Manager shows the list of the user names. Groups like "Everyone" and "Authenticated Users" are in the list, but they do not have any permissions assigned (nothing checked). Where else can I go to prevent users form modifiying the DLs?