Exchange 2003 Enterprise Security Groups

Hi there,

I have created multuiple security groups with members in active directory. These also have an email address associated with them so they act as distribution groups as well. How can I tell Exchange Server 2003 to only allow Administrators to modify the members to a group. At present anybody can call a group up in Outlook and modify its members. I have tried using the Managed By tab and it seems to make no difference. Have I completely missed the point somewhere?

Many thanks in advance,
Michael
Just_When_I_Thought_Knew_ItAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SubsunCommented:
Check the permissions on the security tab for following groups..
Authenticated users
Domain users
Everyone
or any security group where all users are member of
0
SubsunCommented:
Check the affective permission of groups and see if they are allowed to modify the membership. It will be easy if you go to the advanced security settings and sort the permission tab to identify the culprit group..
permission1.GIF
permission.GIF
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Just_When_I_Thought_Knew_ItAuthor Commented:
Hi Subsun,
thank you so kindly for your answer - it has also pointed out to me that I think I have made a major error. I have setup all my email groups in Active Directory/Groups and I am now beginning to think I should have set them up under Exchange System Manager/All Address Lists/All Groups.

Can you just write me back to let me know.
Thankyou kindly,
Michael Dupree
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

SubsunCommented:
In Exchange 2003 the recipient management is done using active directory and computers. If you mail enable a group in AD it will get automatically populated to the address list because there is a query defined in the Exchange System Manager/All Address Lists/All Groups to list all mail enabled groups in AD.

Your users was able to change the address list since they have permission on the group, this might be inherited from the OU. You may check and find out from where the permission is getting inherited to the distribution groups.
0
Just_When_I_Thought_Knew_ItAuthor Commented:
Once again thank you Subsun,
well I have to admit I suddently feel technically quite useless - the screen dumps you placed in the original response I-  cannot find them anywhere in my Active Directory (WS 2003) - could you just drop another comment detailing the navigation required to get to these screens?

Thanks again,
Michael
0
SubsunCommented:
Go to security tab and click on advanced..
ad.JPG
0
Just_When_I_Thought_Knew_ItAuthor Commented:
Thank you Subsun,
in a sense I am so glad you said that because when I open up the properties for a group I have no security tab!! Very confused!!

group-properties.jpg
0
SubsunCommented:
Select the advanced features as shown in screen shot..
ad.JPG
0
Just_When_I_Thought_Knew_ItAuthor Commented:
Oh my goodness - in all the four years that I have been using Active Directory I have noticed that option - oh wonderful stuff Subsun - I feel so small!! Still at least I've got the w/e to try and feel like a man again. Once again, thank you very kindly for all your support on this question - Michael.
0
SubsunCommented:
Nothing here to feel so small or worry about. some time even masters miss some small things.. It always happens.. Yesterday I was searching for my USB flash drive in my entire house.. at last I found it in my Trouser pocket.. :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.