Exchange 2003 GAL access/restriction issues
Hi, is it possible to restrict access to the global address list, but only allow address listing by department? For example, I do not want users in the Sales dept to view any listing in the manufacturing dept, and vice versa? Example below:
---- Global Address List
-- Default Global Address List (I have modified the search string, so the search will end up with no matches)
-- Sales dept address list (modified the search string, matching user logon names to view this address list)
-- Manufacturing dept address list (modified the search string, matching user logon names to view this address list)
......
I cannot get outlook over rpc users to login. Don't really care about OWA (and but OWA works without the GAL).
Q1: Will the server match all address list one at a time, until it exhausts all the address lists defined?
Q2: It is possible to hardcode the default address list to match PER OU? (ie, using adsiedit?)
Your help is greatly appreciated.
Thanks
-ken
January 5th, 2007 12:56am
Here you can read how to manage access to Address List
http://support.microsoft.com/kb/319213/en-us
Using Permissions to Limit Access to Address Lists
All users can access all address lists by default. However, if you want to deny users access to particular address lists, for example, if you want to use department-specific address lists that are only available to members of those departments, configure permissions on individual address lists:
1.
Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2.
Expand the Recipients object, and then double-click All Address Lists.
3.
Right-click the address list for which you want to set permissions, and then click Properties.
4.
Click the Security tab, and then click to clear the Allow inheritable permissions from parent to propagate to this object check box. NOTE: Address list permissions are inherited by default.
5.
Click Copy to copy the current permissions from the parent object. Do not click Remove. If you do so, system permissions may be affected.
6.
To grant a recipient access to the address list, click Add, click either a recipient or group in the Select Users, Computers or Groups list, and then click to select the Allow check box next to Read permissions.
7.
To deny a recipient access to the address list, click a recipient in the Select Users, Computers or Groups list, and then click to clear the Allow check box next to Read permissions.
8.
Click OK.
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2007 8:40am