Solved

"Pre-Windows 2000 Compatible Access" group question w/ Exchange 2003

Posted on 2006-07-20
2
501 Views
Last Modified: 2007-12-19
I'm running DomainPrep in preparing to install Exchange 2003 server.  I have just been following the deployment tools checklist to install it.  Anyway, I got this message:

The domain has been identified as an insecure domain for mail-enabled groups with hidden DL membership.  Hidden DL membership will be exposed to members of the built-in "Pre-Windows 2000 Compatible Access" security group.  This group may have been populated during the promotion of the domain with intent of allowing permissions to be compatible with pre-Windows 2000 servers and application.  To secure the domain, remove any unnecessary members from this group.

I checked the group in question, and there is one member: Authenticated Users with AD folder in NT Authority.  Is it OK to have there, or do I need to remove it?  What is it?  
0
Comment
Question by:dbestcomputers
2 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 125 total points
ID: 17167243
This error is normal.  They still warn you even if you didn't select “Permissions compatible with pre-Windows 2003 servers” during the DCpromo phase.  

The permissions are fine and they are what they should be.  The security risk was when the "Pre-Windows 2000 Compatible Access" contained the EVERYONE group.  Keep the Everyone group out of here.

This group is for backward compatibility for NT4 systems allowing for NULL session connections.
0
 

Author Comment

by:dbestcomputers
ID: 17168048
Ok, thank You!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now