Global Address List Permissions
I'm currently having a problem trying to remove specific OU's access to our Global Address List. We host mail for a number of companies each in their own OUand I don't want them to have access to the default GAL.
We currentlyruna 2003 environment. Exchange Server Standard SP2 and Windows Server 2003
Any help would be great.
Thanks
November 17th, 2007 12:11am
See if this helps, you'll have to deny to default GAL and create seperate GALs/OABs for each customer.
http://www.msexchange.org/tutorials/Shared-Hosting-Exchange-2003-Part2.html
Free Windows Admin Tool Kit Click here and download it now
November 17th, 2007 12:31am
what do you mean by your customer has access to your GAL ? they can see your GAL but they can't modify it, each and every users under your exchange server by default have Read Access Onlyon your GAL, so they can read your GAL content from outlook client, but they can't modify your GAL, if they can, then something has been changed on the Access Settings over your GAL, and you need to check that.
Regards,
November 17th, 2007 1:24am
Thanks for the response.
Our default GAL has about 3000 individual addresses, and about 100 distribution lists within it on the server. Our company hosts email for about 20 other companies. I want to configure these companies to use RPC over HTTPS instead of POP3. When I do this, though, they then can send to the default GAL, which I don't want them to be able to do. I only want them to be able to send to the distribution lists and contacts within their Outlook client.
Free Windows Admin Tool Kit Click here and download it now
November 17th, 2007 1:34am
knightly.... thanks for the response....
I did look at this article. It seems to be a great solution if I starting from scratch. However I have 200 Authenticated Users that can't lose access to the GAL. It seems if I follow this, they will all lose access. Am I reading that wrong?
November 17th, 2007 1:36am
If it were me, I'd do a new hosting environment so permissions were correct from scratch, and AD could be designed for hosting. Otherwise your in an undocument world of you-know-what.
Free Windows Admin Tool Kit Click here and download it now
November 17th, 2007 1:41am
as every body said, you need to create a new GAL for your new hosted companies, each company with one GAL, and give permission for the users from that company. for the default GAL, you need to modify the Access list to remove the access of all other companies from viewing this GAL. for DL (Distribution List) you can set the permission on GAL to accept emails from certain group of users only, so you can deny sending emails to this DL for your hosted companies users.
i found the following discussion under one of the forums, please check it:
Restrict view of GAL between different companies
http://forums.asp.net/p/891211/1045425.aspx
Regards,
November 17th, 2007 7:11pm