?
Solved

restrict users to modify Global Address  Distribution List member list

Posted on 2008-10-20
8
Medium Priority
?
588 Views
Last Modified: 2009-10-06
Hi All,

I have exchange server 2007 environment. My problem is that , all the users in my Exchange can modify GAL Distribution List Member list. i want to restrict them . how to do this. please give me your suggestion.

Thanks
0
Comment
Question by:fextech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 8

Expert Comment

by:greesh_hem
ID: 22755668
0
 

Author Comment

by:fextech
ID: 22755690

Thanks for comment Gressh, but i am looking for restriction, not allow .  in my environment users are able to modify the GAL . how it is happend , and how can i stop them for modification in GAL.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22759596
Add-ADPermission -Identity:'Group Display Name -User:domain\username -AccessRights ReadProperty, WriteProperty -Properties 'Member' -deny
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:fextech
ID: 22765502
Thanks  Greesh, I want to deny writeproperty  for all users except administrator, how i can apply this on a particuler OU 's users or all users .
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22765773
@fextech: Did the above command work for you using -deny switch ?? Or not ??
0
 

Author Comment

by:fextech
ID: 22766091
yes it worked, but i have a lots of users those have permission. and i want to restrict all of them. so how can i use this syntax.
0
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 1000 total points
ID: 22766824
You need to have some thing common to those users (for example i am using customattribute1 common to all users in the following example)

$Users = Get-User | where {$_.customattribute1 -like "ABCD"}

Add-ADPermission -Identity:'Group Display Name -User "$Users" -AccessRights ReadProperty, WriteProperty -Properties 'Member' -deny

This worked on my lab.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month11 days, 8 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question