Global Address List permissions!

Status
Not open for further replies.

TheAdMan

Technical User
Oct 23, 2002
39
GB
Hello

I am nearly always confused by security permissions on Windows 2000 and this is no exception.
I work in a college and want to have 2 global address lists, 1 for students and 1 for staff. I want neither to be able to see the other's addresses. I have created new address lists for staff and students and all the filtering is sorted so that they pick up the correct people. Can anyone help me with the permissions I need to set on each so that only the correct people can see them?

Regards

Adam
 
Create security groups for each set of users and assign "list" permissions respectively. Make sure to remove the groups "authenticated users" and "everyone" to avoid conflicts...
 
By Default all the Address Lists are viewable to All users in the Exchange
Organization. For companies that serve as email hosts for other companies, this
is not acceptable. It is possible to allow only certain address lists to appear
to a particular set of clients.

Here are the Steps required.

1) Using ADSI edit, go to the cn=directory service,cn=windows
nt,cn=services,cn=configuration,dc=DOMAIN. Select the attribute dsHeuristics,
set it to be "001". Make sure to hit apply.

2) Using ADSI edit, go to the Address lists Container, (found below Exchange
Organization Name container in the configuration partition). Remove the
authenticated users permissions via the security Tab and select apply. Now
select the advanced tab on the security page and choose ADD, select the
authenticated users group and Apply onto: "This Object Only". For permissions,
select allow: List objects and List Contents. Select ok and apply. Exit out of
ADSI edit.

3) Open ESM and go to the All Address Lists container. Now select the advanced
tab on the security page and choose ADD, select the authenticated users group
and Apply onto: "This Object Only". For permissions, select allow: List object.

Now to create the Address lists and grant permissions.

4) Once an Address list is created, we must add the group that you wish to see
it.

On the security/advanced settings tab for the address list, that group must be
given these permissions at a minimum.
Apply onto: This object, subcontainers and children objects.
Permissions: Allow List contents, open address list, and list contents.

Only groups granted these specific rights will be able to see the list.
 
Hello

Sorry for the delay in response. I have done the procedure in the previous post, but it seems that the "everyone" group is given more rights at the root level of the Exchange organisation. Is it safe to just stop all inheritance from above the address lists container?

Regards

Adam
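
An added example, not part of any post in this thread: a Python sketch that checks the two things the procedure above depends on, the dsHeuristics value from step 1 and whether Authenticated Users or Everyone still hold list rights that are inherited or flow down to child objects (the concern raised in the last post). It assumes the container's DACL has already been exported as an SDDL string; the sample strings and all function names are constructed for illustration.

```python
import re

BROAD = {"AU": "Authenticated Users", "WD": "Everyone"}  # SDDL trustee aliases
LIST_MASK = {"LC": 0x4, "LO": 0x80}  # List Contents, List Object

def list_object_mode(ds_heuristics):
    """True when the third character of dsHeuristics is '1' (step 1 sets "001")."""
    return len(ds_heuristics or "") >= 3 and ds_heuristics[2] == "1"

def list_rights(field):
    """List rights named in an ACE rights field (two-letter codes or a hex mask).
    Generic rights such as GR/GA are not expanded here."""
    if field.lower().startswith("0x"):
        return {k for k, bit in LIST_MASK.items() if int(field, 16) & bit}
    return set(re.findall("..", field)) & set(LIST_MASK)

def audit(sddl):
    """Allow ACEs that give a broad trustee List Contents / List Object."""
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        f = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(f) != 6 or f[0] not in ("A", "OA") or f[5] not in BROAD:
            continue
        rights, flags = list_rights(f[2]), set(re.findall("..", f[1]))
        if rights:
            findings.append({"trustee": BROAD[f[5]], "rights": sorted(rights),
                             "inherited": "ID" in flags,
                             "reaches_children": "CI" in flags})
    return findings

def deviations(sddl):
    """Findings that are not explicit 'This Object Only' grants."""
    return [x for x in audit(sddl) if x["inherited"] or x["reaches_children"]]

# Constructed samples: a container still inheriting from the organization root,
# and the same container after the steps in the thread.
BEFORE = "O:DAG:DAD:AI(A;CIID;RPLCLORC;;;AU)(A;CIID;RPLCLORC;;;WD)(A;CI;RPWPLCLORC;;;DA)"
AFTER = "O:DAG:DAD:PAI(A;;LCLO;;;AU)(A;CI;RPWPLCLORC;;;DA)"

if __name__ == "__main__":
    print("List Object mode:", list_object_mode("001"))
    for name, sddl in (("before", BEFORE), ("after", AFTER)):
        for x in deviations(sddl):
            print(name, x)
```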
 