Security in distribution lists
Hi,I have detected an issue about distribution groups of Active Directory.I have Exchange 2003 on my company andI have configured a lot of distribution groups with a UNIVERSAL scope.I have detected a critical issue while was "playing" with my Outlook 2003. I'm going to describe the steps I have done:1. Add a recipient in the "To" field of a new message.2. Double-click in this recipient and I access to his properties.3. Go to "Member of" tab, so I see all the distribution groups to wich the recipient. 4. Double-click on one of them and access to his properties. 5. I can modify the members of this distribution group and the changes are stored in Active Directory.I have done all the previous steps with a non-administrative user, so every AD user havepermissions to modify members of distribution groups.Is this a Exchange's security bug?Have I done a wrong distribution groups configuration?Thanks in advance.Best Regards.PS: I have denied Write permissions on distribution groups to "Domains Users" group to fix the issue.
March 11th, 2009 8:25pm

you've answered your own question in a way.you should of disabled write permissions when you set them up.
Free Windows Admin Tool Kit Click here and download it now
March 12th, 2009 12:45am

Hello Marcos,This shouldn't happend ideally and by default users shouldn't have permission to modify the membership of any DL.Did you check the permissions of DL and made sure that the user you used in your test doesn't have write permission? You may need to check nested groups to make sure that users are not getting write permission or Allow Write Members from anywhere.Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
March 12th, 2009 5:58am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics