Solved

"Pre-Windows 2000 Compatible Access" group question w/ Exchange 2003

Posted on 2006-07-20
2
506 Views
Last Modified: 2007-12-19
I'm running DomainPrep in preparing to install Exchange 2003 server.  I have just been following the deployment tools checklist to install it.  Anyway, I got this message:

The domain has been identified as an insecure domain for mail-enabled groups with hidden DL membership.  Hidden DL membership will be exposed to members of the built-in "Pre-Windows 2000 Compatible Access" security group.  This group may have been populated during the promotion of the domain with intent of allowing permissions to be compatible with pre-Windows 2000 servers and application.  To secure the domain, remove any unnecessary members from this group.

I checked the group in question, and there is one member: Authenticated Users with AD folder in NT Authority.  Is it OK to have there, or do I need to remove it?  What is it?  
0
Comment
Question by:dbestcomputers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 125 total points
ID: 17167243
This error is normal.  They still warn you even if you didn't select “Permissions compatible with pre-Windows 2003 servers” during the DCpromo phase.  

The permissions are fine and they are what they should be.  The security risk was when the "Pre-Windows 2000 Compatible Access" contained the EVERYONE group.  Keep the Everyone group out of here.

This group is for backward compatibility for NT4 systems allowing for NULL session connections.
0
 

Author Comment

by:dbestcomputers
ID: 17168048
Ok, thank You!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question