RE: Exchange Security

From: Starks, Brad (BStarks@co.marin.ca.us)
Date: 02/22/02


From: "Starks, Brad" <BStarks@co.marin.ca.us>
To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Thu, 21 Feb 2002 15:09:39 -0800

Yes, it is Exchange 5.5 on an NT 4.0 box.

I didn't have the Owner field cleared. Upon testing, I've changed the owner,
cleared the owner and made myself
the owner. None of these actions has any impact - people can still alter the
DL at will.

Brad

-----Original Message-----
From: Kurt [mailto:kurtbuff@lightmail.com]
Sent: Thursday, February 21, 2002 2:07 PM
To: Starks, Brad; focus-ms@securityfocus.com
Subject: RE: Exchange Security

I'm assuming for the moment that you're using Exchange 5.5. I don't know
enough about Ex2k to tell you how to do this.

If indeed you're using Ex5.5, open the Exchange administrator, double-click
on the distlist in question, and make sure you have the 'General' tab
selected.

Underneath the fields for 'Display name' and 'Alias name' there is a field
for 'Owner', with a 'Modify' and a 'Clear' button. I'm going to guess that
the field is actually empty. Click on the 'Modify' button, and select the
single person in hte GAL who should have the ability to make changes to the
distlist.

Once you 'OK' your way back to the Exchange Administrator program, you have
protected your distlist.

HTH,

Kurt

| -----Original Message-----
| From: Starks, Brad [mailto:BStarks@co.marin.ca.us]
| Sent: Wednesday, February 20, 2002 15:47
| To: 'focus-ms@securityfocus.com'
| Subject: Exchange Security
|
|
| Hello everyone,
|
| I'm semi-new to the list and semi-new to security. :)
|
| I've got a question that hopefully someone can answer. The
| answer should
| be easy, but nothing I try seems to work.
|
| Here's the scenario:
|
| I've got a global distribution list that I want to lock down.
| Right now,
| anyone
| on the distribution list can add/remove other members to/from it. This
| recently became a problem when it was reduced from 2000 members to
| 400 because someone was doing something they shouldn't be.
|
| Obviously, only those people that we designate should have this power.
| I've added the permissions tab to the list through Exchange
| administrator,
| and according to the permissions on the DL, no one other than those
| listed should have any modification rights whatsoever to it. But, that
| doesn't
| work. I've even added the everyone group and removed all of
| their rights
| except the ability to search, but they can still add and
| remove members
| at will just by calling up the DL within their Outlook client.
|
| So, is there another place to look to accomplish this task?
|
| Thanks in advance,
|
| Brad
|



Relevant Pages

  • Re: The really cool stuff
    ... equivalent of having the "555" exchange in phone numbers. ... reader will know how to call it. ... Saying Jenny was ... owner, and most people wouldn't even know how to go that far. ...
    (rec.arts.sf.written)
  • Re: last used date for dist lists in AD - Update
    ... Turns out that MessageStat from Quest software will help with this. ... Exchange it supports. ... >> either not available (the owner left the company and nobody else was ... >> reasonable time or the owner indicates it is no ...
    (microsoft.public.windows.server.active_directory)
  • Re: Bounced Email
    ... However, you can create a Windows SMTP server for the domain, and configure ... MVP - Exchange ... I have one domain owner who ... Email addressed to usera, userb, userc, and owner go to each inbox ...
    (microsoft.public.exchange.admin)
  • Re: Public Folder "System Configuration" in 5.5 has no owner
    ... >having no Owner. ... I cannot find this folder in the ... >Exchange Administration utility to fix it. ...
    (microsoft.public.exchange.admin)
  • RE: Exchange Security
    ... If indeed you're using Ex5.5, open the Exchange administrator, double-click on the distlist in question, and make sure you have the 'General' tab selected. ... | on the distribution list can add/remove other members to/from it. ... | listed should have any modification rights whatsoever to it. ...
    (Focus-Microsoft)