Additional GAL for certain users
Hi All,
here is my situation......we were always using Blackberry devices....and whenwe set the blackberry up, for certain users, we would add a contact list that is located in our public folders........no issues
Now our problem is, we allowed iphones......and the iphone does not see the public folder contact list. Our executives musts see that list from their devices.
My thought was to create another address list in exchange 2007 and assign our executives, permissions to see that........basically they would see the Default GAL and this new address list....then I'm thinking it will work. Is this possible? I'm not sure how to assign permissions to the second address list.
Thank you so much for any help
September 23rd, 2008 6:20pm
Actually, come to think of it.....this may not work or may be the wrong solution.
The public folder contact list contains executives cell phone numbers and home addresses.......so even if i created a new address list.....how would it get updated say if the CEO changed his address or home number.
Can anyone provide suggestions on how Ican setupa certain group of users to seeinfo confidential info(home addresses, cell numbers)in Outlook/OWA and mobile devices?
Free Windows Admin Tool Kit Click here and download it now
September 23rd, 2008 9:26pm
any help on this?
September 24th, 2008 6:06pm
Hi,
I believe the below whitepaper can help you understand this issue better.
Configuring Virtual Organizations and Address List Segregation in Exchange 2007
http://technet.microsoft.com/en-us/exchange/bb936719.aspx
Thanks
Allen
Free Windows Admin Tool Kit Click here and download it now
September 25th, 2008 9:24am
Allen,
Thanks for your reply.....I believe the way i can solve this is........in Active Directory, on the user account properties, there is a field for mobile phone........
If i enter the mobile phone numbers for my executives in there.....how can i restrict view access to the "mobile" field?
To clarify....say i update all my executive user accounts with their mobile phone numbers.....can i moves them into an OU and put permissions that say....if you are in this OU, you can view the mobile field.........or maybe create a group....and say if you're in this group, you can view the mobile field?
September 25th, 2008 5:45pm
Hi,
Of course, that solution which can be performed.
Please first create a security group in ADUC, and put all the non-executives in that group, then find a executive, double click it, in the Security tab, click Advanced button, click Add button, in the object name field, enterthat security groupthen click Check Names:
Students should now be underlined. Click OK.
Click the Properties tab.
You should now see the list of attributes, scroll down to 'Read Mobile Number' and 'Read Mobile Number (Others)'
Add a check mark in the deny column for Read Mobile Number and 'Read Mobile Number (Others)
Click OK until all the property dialog boxes are closed.
Finally, repeat the steps to apply to others executive. Then run gpudate commandto update the policy on the server and client side, then test this issue.
Because it didn't work if put all the executives into one security group, we have to do the operation one by one.
Thanks
Allen
Free Windows Admin Tool Kit Click here and download it now
September 26th, 2008 12:48pm
awesome....thanks you rock
September 26th, 2008 5:19pm
Allen,
I tried this, and although it does work....I do have a problem.........If the "non execs" log into OWA, they can still see the mobile info. How can I resolve?
Free Windows Admin Tool Kit Click here and download it now
September 28th, 2008 3:56am
Hi,
Indeed, that is the disadvantage of the above solution. Maybe you can consider the oringinal solution that I posted as below link:
Configuring Virtual Organizations and Address List Segregation in Exchange 2007
http://technet.microsoft.com/en-us/exchange/bb936719.aspx
Thanks
Allen
September 30th, 2008 9:44am