[Last Call] Learn how to a build a cloud-first strategyRegister Now


Exchange 2003 - Inheritable Permissions

Posted on 2006-05-23
Medium Priority
Last Modified: 2008-03-17
In fixing a previous issue (http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21859866.html), I came across this one.

If I look at the security settings of "All Global Address Lists" in the system manager, it says the permissions are inheritable from the parent. The same is true if I look at the security settings for my server in the system manager. There are quite a few unexpected entries (multiple entries for "Everyone" and "ANONYMOUS LOGON" that have multiple different settings - some blank, some specialized) and I would like to clean this up, but this begs the question: what are the parent objects in this scenario? What are these objects inheriting permissions from?
Question by:brainbolt
  • 2
LVL 104

Expert Comment

ID: 16747227
The rule with Exchange permissions is DO NOT TOUCH.

People start removing permissions that they don't understand and then wonder why their Exchange breaks.
The only people that benefit from changing permissions in Exchange are consultants like me or Microsoft, who then charge you large amounts of money to fix the permissions back to how they were.

The permissions are there for a reason - often to allow read only access, to deny access and to allow services to see that something is there but not see the data.


Author Comment

ID: 16747245
What about the original question then? I certainly don't want regular users to be able to modify a distribution list. Is it safe to modify those permissions?
LVL 104

Accepted Solution

Sembee earned 1000 total points
ID: 16747373
You accepted the wrong answer.
The answer from Amit Aggarwal is the proper way to secure your distribution groups.


Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month17 days, 20 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question