Re: Hiding Personal Employee Information in Address Book
- From: "Mark Arnold [MVP]" <mark@xxxxxxxx>
- Date: Fri, 30 Mar 2007 19:08:49 +0100
On Fri, 30 Mar 2007 17:59:07 GMT, "exx" <exx@xxxxxxxxx> wrote:
> First off the environment is Exchange 2003 SP1 with Active Directory 2003.
> Basically... our HR department was granted limited access to AD to fill in
> user information (Home address, telephone, etc...) and I then modified the
> default user ACL so that any member of "Group X" in AD was denied access to
> seeing the above personal information. This worked on the Global Address
> List as well....
> But now there's a problem. We've been setting up users in Cached Mode, and
> those users are able to see everything. I believe this has to do with the
> fact that Exchange is generating the Address List and they're just
> downloading it, as opposed to them querying it using their credentials.
> Any thoughts on a way around this? (Other than removing all personal
> information, or disabling cached mode on every machine). Is there a specific
> account in Exchange that generates the address list? If so, can that account
> be denied access to processing those personal attributes?
> Thanks :)
> Matt
This is not an Exchange question because the permissions have to be
assigned on the attributes in AD (since you will already be aware that
there is no such thing as an independent GAL like in 5.5, everything
comes from AD)
So,
By default "Auth Users" has Read to the entire directory and you can
change that and get more granular. Bad news is that you will screw
very badly with things like GPOs so whilst the narrow answer is yes, I
would suggest you treat that as a no.
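An added illustration, not part of either message, of the behaviour the original poster describes: a per-attribute deny for "Group X" filters a live directory query but not a list that was generated once and then downloaded. It assumes, as the poster believes, that the offline list is built under an account outside "Group X"; the ACL model is simplified (explicit ACEs only, deny wins) and every name and value below is constructed.

```python
# Simplified model of per-attribute read checks (constructed data, not an AD export).
from dataclasses import dataclass

PERSONAL = {"homePostalAddress", "homePhone"}
ALL_ATTRS = {"displayName", "mail"} | PERSONAL

@dataclass(frozen=True)
class Ace:
    kind: str          # "allow" or "deny"
    trustee: str       # group the ACE applies to
    attrs: frozenset   # attributes the ACE covers

# ACL as described in the thread: default read for Authenticated Users,
# plus a deny on the personal attributes for "Group X".
ACL = [
    Ace("deny", "Group X", frozenset(PERSONAL)),
    Ace("allow", "Authenticated Users", frozenset(ALL_ATTRS)),
]

def readable(groups, acl=ACL):
    """Attributes a caller with these group memberships may read; deny wins."""
    allowed, denied = set(), set()
    for ace in acl:
        if ace.trustee in groups:
            (denied if ace.kind == "deny" else allowed).update(ace.attrs)
    return allowed - denied

def live_lookup(entry, groups):
    """Online mode: each query is filtered by the caller's own token."""
    return {k: v for k, v in entry.items() if k in readable(groups)}

def build_offline_list(entries, generator_groups):
    """Offline list: filtered once, using the generating account's token."""
    return [live_lookup(e, generator_groups) for e in entries]

def cached_lookup(offline_list, index, groups):
    """Cached mode: the client reads its downloaded copy; groups are never checked."""
    return offline_list[index]

ENTRY = {"displayName": "Sample User", "mail": "sample@example.test",
         "homePostalAddress": "1 Constructed St", "homePhone": "555-0100"}
USER = {"Authenticated Users", "Group X"}
GENERATOR = {"Authenticated Users"}   # assumption: generator is not in Group X

if __name__ == "__main__":
    offline = build_offline_list([ENTRY], GENERATOR)
    print("online:", sorted(live_lookup(ENTRY, USER)))
    print("cached:", sorted(cached_lookup(offline, 0, USER)))
```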