?
Solved

"Pre-Windows 2000 Compatible Access" group question w/ Exchange 2003

Posted on 2006-07-20
2
Medium Priority
?
510 Views
Last Modified: 2007-12-19
I'm running DomainPrep in preparing to install Exchange 2003 server.  I have just been following the deployment tools checklist to install it.  Anyway, I got this message:

The domain has been identified as an insecure domain for mail-enabled groups with hidden DL membership.  Hidden DL membership will be exposed to members of the built-in "Pre-Windows 2000 Compatible Access" security group.  This group may have been populated during the promotion of the domain with intent of allowing permissions to be compatible with pre-Windows 2000 servers and application.  To secure the domain, remove any unnecessary members from this group.

I checked the group in question, and there is one member: Authenticated Users with AD folder in NT Authority.  Is it OK to have there, or do I need to remove it?  What is it?  
0
Comment
Question by:dbestcomputers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 17167243
This error is normal.  They still warn you even if you didn't select “Permissions compatible with pre-Windows 2003 servers” during the DCpromo phase.  

The permissions are fine and they are what they should be.  The security risk was when the "Pre-Windows 2000 Compatible Access" contained the EVERYONE group.  Keep the Everyone group out of here.

This group is for backward compatibility for NT4 systems allowing for NULL session connections.
0
 

Author Comment

by:dbestcomputers
ID: 17168048
Ok, thank You!
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question