Exchange 2003 - Restrict modification of distribution groups in the Global Address List from Outlook

Posted on 2006-05-22
Last Modified: 2008-02-01
I run Exchange 2003 and I am finding that Outlook users can add or remove members of a distribution group in the global address list (GAL). For example, I have a group called "sales" ( that distributes to a specific group of people. Well, if Jennifer Receptionist opens her address book in Outlook and picks the Global Address List from the drop down, she can see the "sales" group and can add or remove members. Not a good thing. How do I restrict access to the modification of those groups in the GAL?
Question by:brainbolt
    LVL 1

    Accepted Solution

    Check the security permission: Open Exchange System Manager>>Recipients>>All Global Address Lists, then check the security under properties and make sure that everyone permission is not R/W!
    LVL 1

    Expert Comment

    Sorry...I forgot to add Default Global Address List under All Global Address Lists!
    LVL 12

    Expert Comment

    These steps are to grant minimum permissions required for a owner to manage a DL using Outlook Client.
    1. On the security tab, click Advanced and Click on "Add"
    2. Select the user from the list and click "OK"
    3. On the object tab,
          a) Apply onto: Scroll upto select: This object only.
          b) Permissions: Send As: ALLOW.
    4. On the properties tab,
          a) Apply onto: Scroll upto select: This object only.
          b) Read Members: ALLOW
          c) Write Members: ALLOW
          d) Click "OK" all the way out.

    You need to make sure that the user in question doesnt have these permissions.

    Amit Aggarwal.
    LVL 2

    Author Comment

    Thanks, mqwaider. That is it. Looking into this has spured a follow-up question though...

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Live - One-on-One Exchange Help from Top Experts

    Solve your toughest problems, fast.
    Exchange experts are online now and ready to help you.

    Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
    "Migrate" an SMTP relay receive connector to a new server using info from an old server.
    In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
    In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now