?
Solved

"Pre-Windows 2000 Compatible Access" group question w/ Exchange 2003

Posted on 2006-07-20
2
Medium Priority
?
514 Views
Last Modified: 2007-12-19
I'm running DomainPrep in preparing to install Exchange 2003 server.  I have just been following the deployment tools checklist to install it.  Anyway, I got this message:

The domain has been identified as an insecure domain for mail-enabled groups with hidden DL membership.  Hidden DL membership will be exposed to members of the built-in "Pre-Windows 2000 Compatible Access" security group.  This group may have been populated during the promotion of the domain with intent of allowing permissions to be compatible with pre-Windows 2000 servers and application.  To secure the domain, remove any unnecessary members from this group.

I checked the group in question, and there is one member: Authenticated Users with AD folder in NT Authority.  Is it OK to have there, or do I need to remove it?  What is it?  
0
Comment
Question by:dbestcomputers
2 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 17167243
This error is normal.  They still warn you even if you didn't select “Permissions compatible with pre-Windows 2003 servers” during the DCpromo phase.  

The permissions are fine and they are what they should be.  The security risk was when the "Pre-Windows 2000 Compatible Access" contained the EVERYONE group.  Keep the Everyone group out of here.

This group is for backward compatibility for NT4 systems allowing for NULL session connections.
0
 

Author Comment

by:dbestcomputers
ID: 17168048
Ok, thank You!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question